Windows Analysis Report
zapret.exe

Overview

General Information

Sample name: zapret.exe
Analysis ID: 1575409
MD5: 9327bcb9ae5148a036f68878d44847ae
SHA1: 5c1b9bc39ce084ddced90212a0fd9f09b5285068
SHA256: 4d8cef197e1744069b1882512cb69e2695afd7345b1eb3926b0f09d0ad2c1c4b
Tags: CoinMiner, exe, geofenced, RUS, user-sa6ta6ni6c
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • zapret.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: 9327BCB9AE5148A036F68878D44847AE)
    • zapret.exe (PID: 3128 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: 9327BCB9AE5148A036F68878D44847AE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: zapret.exe, Virustotal: Detection: 20%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.1% probability
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A872D3E0 CRYPTO_THREAD_run_once,2_2_00007FF8A872D3E0
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8711C03 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A8711C03
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8711005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,2_2_00007FF8A8711005
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8711690 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A8711690
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8711681 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A8711681
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A871207C CRYPTO_free,_time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free,2_2_00007FF8A871207C
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A876F4A0 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A876F4A0
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A874F4D0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A874F4D0
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A871125D BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A871125D
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A871101E EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A871101E
Source: zapret.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.2083178231.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149243017.00007FF8B8B24000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000002.00000002.2145348550.00007FF8A934C000.00000002.00000001.01000000.0000000C.sdmp, pythoncom38.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000002.00000002.2148301802.00007FF8B7E0D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2148533468.00007FF8B7E29000.00000002.00000001.01000000.0000000F.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149058661.00007FF8B8792000.00000002.00000001.01000000.0000001A.sdmp, python3.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149617126.00007FF8B8CB5000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: zapret.exe, 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32api.pdb source: zapret.exe, 00000002.00000002.2148968492.00007FF8B7E53000.00000002.00000001.01000000.0000000D.sdmp, win32api.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: zapret.exe, 00000002.00000002.2144453646.00007FF8A8A03000.00000002.00000001.01000000.00000012.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.2076200739.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: zapret.exe, 00000002.00000002.2144878021.00007FF8A8DFD000.00000002.00000001.01000000.00000004.sdmp, python38.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000002.00000002.2149919232.00007FF8B93D1000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149243017.00007FF8B8B24000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32api.pdb!! source: zapret.exe, 00000002.00000002.2148968492.00007FF8B7E53000.00000002.00000001.01000000.0000000D.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.2074967265.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150245976.00007FF8BA4F5000.00000002.00000001.01000000.00000009.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149394683.00007FF8B8B3E000.00000002.00000001.01000000.0000000A.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149503213.00007FF8B8C13000.00000002.00000001.01000000.00000015.sdmp, _queue.pyd.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: zapret.exe, 00000000.00000003.2074218567.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150129915.00007FF8BA24E000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pywintypes.pdb source: zapret.exe, 00000002.00000002.2149741475.00007FF8B8F81000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pywintypes.pdb** source: zapret.exe, 00000002.00000002.2149741475.00007FF8B8F81000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: zapret.exe, 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000002.00000002.2144453646.00007FF8A8A03000.00000002.00000001.01000000.00000012.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150029817.00007FF8B9843000.00000002.00000001.01000000.00000010.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.2082712670.000001460ADC8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2141990577.00007FF8A8705000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.2074218567.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150129915.00007FF8BA24E000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: zapret.exe, 00000000.00000003.2074967265.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150245976.00007FF8BA4F5000.00000002.00000001.01000000.00000009.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pythoncom.pdb source: zapret.exe, 00000002.00000002.2145348550.00007FF8A934C000.00000002.00000001.01000000.0000000C.sdmp, pythoncom38.dll.0.dr
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF7279C85F0 FindFirstFileExW,FindClose,0_2_00007FF7279C85F0
Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_00007FF7279C85F0 FindFirstFileExW,FindClose,2_2_00007FF7279C85F0
Source: Joe Sandbox View IP Address: 162.159.136.232 162.159.136.232
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_66F93330 strchr,WSAStartup,gethostbyname,socket,htons,ioctlsocket,ioctlsocket,connect,ioctlsocket,send,send,WSAGetLastError,closesocket,WSACleanup,SetLastError,recv,recv,closesocket,WSACleanup,strstr,toupper,strstr,toupper,toupper,toupper,toupper,strstr,memcmp,memcmp,_mktime64,gethostbyname,WSAGetLastError,WSAGetLastError,ioctlsocket,WSAGetLastError,WSAGetLastError,WSACleanup,SetLastError,WSAGetLastError,select,ioctlsocket,2_2_66F93330
Source: global traffic DNS traffic detected: DNS query: discord.com
Source: zapret.exe, 00000002.00000002.2140895113.000001E5BAFC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: zapret.exe, 00000002.00000002.2133404768.000001E5BA550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://9x9o.com/kvnm11412.txt
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: zapret.exe, 00000002.00000003.2126351836.000001E5BACAF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124714386.000001E5BACA0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125842806.000001E5BAC85000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126145392.000001E5BACAE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126351836.000001E5BAC99000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126017880.000001E5BAC98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125795605.000001E5BAC37000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130117104.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129387145.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA686000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133678118.000001E5BA693000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127896139.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA68C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125795605.000001E5BAC37000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125723385.000001E5BAC43000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126532441.000001E5BAC3A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126232263.000001E5BAC47000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2135435199.000001E5BAC41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: zapret.exe, 00000002.00000003.2126351836.000001E5BACAF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124714386.000001E5BACA0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125842806.000001E5BAC85000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126145392.000001E5BACAE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126351836.000001E5BAC99000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126017880.000001E5BAC98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: zapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: zapret.exe, 00000002.00000003.2129787210.000001E5BA761000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124805062.000001E5BA75F000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA75E000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA761000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: zapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlP
Source: zapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: zapret.exe, 00000002.00000003.2129787210.000001E5BA761000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124805062.000001E5BA75F000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA75E000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA761000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: zapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125795605.000001E5BAC37000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: zapret.exe, 00000002.00000002.2134701354.000001E5BAA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: zapret.exe, 00000002.00000002.2134630149.000001E5BAA50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: zapret.exe, 00000002.00000002.2134630149.000001E5BAA50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290ttp2
Source: zapret.exe, 00000002.00000003.2125083436.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125155235.000001E5B80F9000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA306000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B80FA000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128560865.000001E5B810D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130325699.000001E5BA76B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129787210.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: zapret.exe, 00000002.00000003.2125155235.000001E5B80F9000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B80FA000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128560865.000001E5B810D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130325699.000001E5BA76B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129787210.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: zapret.exe, 00000002.00000003.2123895504.000001E5BA28B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: zapret.exe, 00000002.00000003.2122962578.000001E5B8144000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124427202.000001E5B8149000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2132002434.000001E5B816D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123706689.000001E5B8148000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124693564.000001E5B816A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: zapret.exe, 00000002.00000002.2134128628.000001E5BA860000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126052030.000001E5BAC25000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127448572.000001E5BABCC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122994192.000001E5BABCC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC16000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2135068509.000001E5BAC17000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: zapret.exe, 00000002.00000003.2123737258.000001E5BA7F2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128504303.000001E5BA7F4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123101489.000001E5BA7F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: zapret.exe, 00000002.00000002.2134630149.000001E5BAA50000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2134775838.000001E5BAAD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: zapret.exe, 00000002.00000002.2133404768.000001E5BA550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/gabjohn3/nb/main/12kav.json
Source: zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2141041572.000001E5BB040000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: zapret.exe, 00000002.00000002.2141310911.000001E5BB140000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: zapret.exe, 00000002.00000003.2123077337.000001E5BA351000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129991643.000001E5BA379000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124624606.000001E5BA361000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127858910.000001E5BA378000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126726669.000001E5BA36D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124962229.000001E5BA369000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123981100.000001E5BA360000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2132994851.000001E5BA379000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127351026.000001E5BA36D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126126819.000001E5BA36C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: zapret.exe, 00000002.00000003.2125083436.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA306000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: zapret.exe, 00000002.00000002.2134548626.000001E5BAA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: zapret.exe, 00000002.00000002.2134548626.000001E5BAA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyp
Source: zapret.exe, 00000002.00000002.2134414735.000001E5BA970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2144653200.00007FF8A8AF9000.00000002.00000001.01000000.00000012.sdmp, zapret.exe, 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: zapret.exe, 00000002.00000003.2122962578.000001E5B8144000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124427202.000001E5B8149000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128851523.000001E5B8186000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123706689.000001E5B8148000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124693564.000001E5B816A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: zapret.exe, 00000002.00000003.2126709262.000001E5BAC91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125842806.000001E5BAC85000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126351836.000001E5BAC99000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126017880.000001E5BAC98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: zapret.exe, 00000002.00000003.2125155235.000001E5B80F9000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B80FA000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128560865.000001E5B810D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130325699.000001E5BA76B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129787210.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_66F93050 WSAStartup, gethostbyname, socket, setsockopt, setsockopt, setsockopt, htons, sendto, sendto, recvfrom, recvfrom, ntohl, ntohl, ntohl, closesocket, WSACleanup, WSAGetLastError, closesocket, WSACleanup, SetLastError, WSAGetLastError, WSACleanup, SetLastError
Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_66F92240: memset, wsprintfA, CreateFileA, memset, DeviceIoControl, CloseHandle, isxdigit, isxdigit, isxdigit, isprint, memcpy, CloseHandle, strlen, memcpy
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF7279C2DB0 appears 200 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF7279C2E50 appears 34 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 67022C70 appears 48 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF8A877BD8F appears 171 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF7279C2CD0 appears 92 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF8A8711023 appears 479 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 00007FF8A877BE25 appears 92 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 67022C28 appears 65 times
Source: C:\Users\user\Desktop\zapret.exe Code function: String function: 66F9D070 appears 235 times
Source: pyarmor_runtime.pyd.0.dr Static PE information: Number of sections : 11 > 10
Source: zapret.exe Static PE information: Number of sections : 12 > 10
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: zapret.exe Binary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamewin32trace.pyd0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamepython38.dll. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_ha vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_queue.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamewin32api.pyd0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamepywintypes38.dll0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_lzma.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamelibsslH vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamevcruntime140.dll^ vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamepythoncom38.dll0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamepython3.dll. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamewin32ui.pyd0 vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_bz2.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenameselect.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_socket.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename_ssl.pyd. vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilename vs zapret.exe
Source: zapret.exe Binary or memory string: OriginalFilenamelibcryptoH vs zapret.exe
Source: zapret.exe, 00000002.00000002.2149965759.00007FF8B93DC000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
Source: zapret.exe, 00000002.00000002.2149669431.00007FF8B8CBA000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs zapret.exe
Source: zapret.exe, 00000002.00000002.2143523401.00007FF8A870B000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
Source: zapret.exe, 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibsslH vs zapret.exe
Source: classification engineClassification label: mal56.winEXE@3/32@1/1
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C7E60 FormatMessageW,WideCharToMultiByte,GetLastError,0_2_00007FF7279C7E60
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682Jump to behavior
Source: zapret.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\zapret.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: zapret.exeVirustotal: Detection: 20%
Source: C:\Users\user\Desktop\zapret.exeFile read: C:\Users\user\Desktop\zapret.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"Jump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\zapret.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: zapret.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: zapret.exeStatic file information: File size 10097908 > 1048576
Source: zapret.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.2083178231.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149243017.00007FF8B8B24000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000002.00000002.2145348550.00007FF8A934C000.00000002.00000001.01000000.0000000C.sdmp, pythoncom38.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000002.00000002.2148301802.00007FF8B7E0D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2148533468.00007FF8B7E29000.00000002.00000001.01000000.0000000F.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149058661.00007FF8B8792000.00000002.00000001.01000000.0000001A.sdmp, python3.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149617126.00007FF8B8CB5000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.0.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: zapret.exe, 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32api.pdb source: zapret.exe, 00000002.00000002.2148968492.00007FF8B7E53000.00000002.00000001.01000000.0000000D.sdmp, win32api.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: zapret.exe, 00000002.00000002.2144453646.00007FF8A8A03000.00000002.00000001.01000000.00000012.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.2076200739.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: zapret.exe, 00000002.00000002.2144878021.00007FF8A8DFD000.00000002.00000001.01000000.00000004.sdmp, python38.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000002.00000002.2149919232.00007FF8B93D1000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149243017.00007FF8B8B24000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32api.pdb!! source: zapret.exe, 00000002.00000002.2148968492.00007FF8B7E53000.00000002.00000001.01000000.0000000D.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.2074967265.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150245976.00007FF8BA4F5000.00000002.00000001.01000000.00000009.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149394683.00007FF8B8B3E000.00000002.00000001.01000000.0000000A.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2149503213.00007FF8B8C13000.00000002.00000001.01000000.00000015.sdmp, _queue.pyd.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: zapret.exe, 00000000.00000003.2074218567.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150129915.00007FF8BA24E000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pywintypes.pdb source: zapret.exe, 00000002.00000002.2149741475.00007FF8B8F81000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pywintypes.pdb** source: zapret.exe, 00000002.00000002.2149741475.00007FF8B8F81000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: zapret.exe, 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000002.00000002.2144453646.00007FF8A8A03000.00000002.00000001.01000000.00000012.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150029817.00007FF8B9843000.00000002.00000001.01000000.00000010.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.2082712670.000001460ADC8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2141990577.00007FF8A8705000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.2074218567.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150129915.00007FF8BA24E000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: zapret.exe, 00000000.00000003.2074967265.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2150245976.00007FF8BA4F5000.00000002.00000001.01000000.00000009.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-38\Release\pythoncom.pdb source: zapret.exe, 00000002.00000002.2145348550.00007FF8A934C000.00000002.00000001.01000000.0000000C.sdmp, pythoncom38.dll.0.dr
Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xFAEA9D3D [Sun May 27 03:27:57 2103 UTC]
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C15E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7279C15E0
Source: md__mypyc.cp38-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x25d58
Source: _win32sysloader.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xb07b
Source: win32trace.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x145f4
Source: pyarmor_runtime.pyd.0.drStatic PE information: real checksum: 0xa7ade should be: 0x9e984
Source: md.cp38-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xb550
Source: win32api.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x30505
Source: pythoncom38.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xb0750
Source: _psutil_windows.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1f645
Source: pywintypes38.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x27641
Source: win32ui.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x11b4b8
Source: zapret.exeStatic PE information: section name: /4
Source: zapret.exeStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: pyarmor_runtime.pyd.0.drStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_670230A0 push rsp; ret 2_2_670230BA
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_670230A8 push rsp; ret 2_2_670230BA
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_67022C28 push rax; ret 2_2_67022BE2
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_67022BA8 push rax; ret 2_2_67022BE2
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_67022BD0 push rax; ret 2_2_67022BE2
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_67022BD8 push rax; ret 2_2_67022BE2
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A872CD28 pushfq ; retf 0001h2_2_00007FF8A872CD29
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A872CD2C push rbp; retf 0001h2_2_00007FF8A872CD2D
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8733C39 push 28C48348h; ret 2_2_00007FF8A8733C47

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\zapret.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_66F92240
Source: C:\Users\user\Desktop\zapret.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_66F91E90
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\pythoncom38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\python38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md__mypyc.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\select.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\pywintypes38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md.cp38-win_amd64.pydJump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\zapret.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_66F92240
Source: C:\Users\user\Desktop\zapret.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_66F91E90
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C6100 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7279C6100
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\pythoncom38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\python38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\select.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md__mypyc.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\pywintypes38.dllJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI65682\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\zapret.exeAPI coverage: 2.6 %
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C85F0 FindFirstFileExW,FindClose,0_2_00007FF7279C85F0
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF7279C85F0 FindFirstFileExW,FindClose,2_2_00007FF7279C85F0
Source: zapret.exe, 00000000.00000003.2084051744.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: zapret.exe, 00000002.00000002.2133582647.000001E5BA620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWd~<%SystemRoot%\system32\mswsock.dlld
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\zapret.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_66F82C80 PyEval_GetGlobals,PyFunction_NewWithQualName,_PyObject_CallFunction_SizeT,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,GetProcAddress,strlen,IsDebuggerPresent,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_SystemExit,PyExc_SystemExit,PyExc_SystemExit,_errno,_errno,_errno,PyExc_SystemExit,_errno,_errno,_Py_Dealloc,_Py_Dealloc,2_2_66F82C80
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C15E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7279C15E0
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_66F945C0 GetComputerNameA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetAdaptersAddresses,HeapFree,strlen,GetProcessHeap,HeapFree,malloc,GetAdaptersAddresses,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersAddresses,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersAddresses,RegOpenKeyExA,RegEnumKeyExA,RegEnumKeyExA,RegGetValueA,strlen,memcmp,RegGetValueA,RegCloseKey,2_2_66F945C0
Source: C:\Users\user\Desktop\zapret.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF7279C1154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,0_2_00007FF7279C1154
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_66FFF770 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,2_2_66FFF770
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF7279C1154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,2_2_00007FF7279C1154
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8602A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8602A48
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8603484 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8603484
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A860366C SetUnhandledExceptionFilter,2_2_00007FF8A860366C
Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8711D66 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8711D66
Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"Jump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682 VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\pywintypes38.dll VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\bkhx5e5t VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpnnnuhjtq VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\pythoncom38.dll VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\pyarmor_runtime_000000 VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md__mypyc.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnnnuhjtq VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnnnuhjtq\gen_py\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnnnuhjtq\gen_py\dicts.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI65682\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnnnuhjtq VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_66FFF690 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_66FFF690
Source: C:\Users\user\Desktop\zapret.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Bootkit | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Bootkit | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
zapret.exe | 5% | ReversingLabs | Win64.Infostealer.Generic |
zapret.exe | 21% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\_win32sysloader.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md.cp38-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\charset_normalizer\md__mypyc.cp38-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\libffi-7.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\libssl-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\mfc140u.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\psutil\_psutil_windows.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\pyarmor_runtime_000000\pyarmor_runtime.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\python3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\python38.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\pythoncom38.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\pywintypes38.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\unicodedata.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\win32api.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\win32trace.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI65682\win32ui.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://9x9o.com/kvnm11412.txt | 0% | Avira URL Cloud | safe |
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyp | 0% | Avira URL Cloud | safe |
http://json.org | 0% | Avira URL Cloud | safe |
http://json.o | 0% | Avira URL Cloud | safe |
http://json.o | 0% | Virustotal | | Browse
http://9x9o.com/kvnm11412.txt | 4% | Virustotal | | Browse
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyp | 0% | Virustotal | | Browse
http://json.org | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.136.232 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                    high
                                                                    http://curl.haxx.se/rfc/cookie_spec.htmlzapret.exe, 00000002.00000002.2140895113.000001E5BAFC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://ocsp.accv.eszapret.exe, 00000002.00000003.2130117104.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129387145.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA686000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133678118.000001E5BA693000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127896139.000001E5BA691000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA68C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.python.org/dev/peps/pep-0205/zapret.exe, 00000000.00000003.2083748776.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133249651.000001E5BA480000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                          high
                                                                          http://crl.securetrust.com/SGCA.crlPzapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.cert.fnmt.es/dpcs/pzapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://repository.swisssign.com/zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125795605.000001E5BAC37000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B80F0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125556195.000001E5B80F0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123737258.000001E5BA7F2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131642866.000001E5B8090000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128504303.000001E5BA7F4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131810018.000001E5B80F4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130230399.000001E5BA7F6000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123101489.000001E5BA7F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://json.orgzapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125425535.000001E5BA2C2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA28B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA761000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • 0%, Virustotal, Browse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyzapret.exe, 00000002.00000002.2134548626.000001E5BAA00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688zapret.exe, 00000002.00000002.2132108582.000001E5B82B0000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085810998.000001E5B9AC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://python.org/dev/peps/pep-0263/python38.dll.0.drfalse
                                                                                      high
                                                                                      https://httpbin.org/getzapret.exe, 00000002.00000002.2134128628.000001E5BA860000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126052030.000001E5BAC25000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127448572.000001E5BABCC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122994192.000001E5BABCC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC16000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2135068509.000001E5BAC17000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122667731.000001E5BAC22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://crl.xrampsecurity.com/XGCA.crlzapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://9x9o.com/kvnm11412.txtzapret.exe, 00000002.00000002.2133404768.000001E5BA550000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • 4%, Virustotal, Browse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxypzapret.exe, 00000002.00000002.2134548626.000001E5BAA00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • 0%, Virustotal, Browse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://www.python.orgzapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.accv.es/legislacion_c.htm0Uzapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126486446.000001E5BAC68000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126232263.000001E5BAC62000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://wwww.certigna.fr/autorites/0mzapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125842806.000001E5BAC85000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126351836.000001E5BAC99000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126017880.000001E5BAC98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://ocsp.accv.es0zapret.exe, 00000002.00000003.2122667731.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126486446.000001E5BAC68000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124277128.000001E5BAC33000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126232263.000001E5BAC62000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125589539.000001E5BAC5C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://ocsp.thawte.com0zapret.exe, 00000000.00000003.2075225906.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078145961.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076932673.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2081277086.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075392946.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075721936.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075526089.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082712670.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2078324841.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2080606987.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075088417.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2082522492.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2075852068.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2076015033.000001460ADC1000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.drfalse
                                                                                                    high
                                                                                                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerzapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085827260.000001E5B9AC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2086151445.000001E5B811A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2086257903.000001E5B811A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085977887.000001E5B811E000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085810998.000001E5B9AC5000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://mail.python.org/pipermail/python-dev/2012-June/120787.html.zapret.exe, 00000002.00000002.2141242595.000001E5BB100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://httpbin.org/zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://wwww.certigna.fr/autorites/zapret.exe, 00000002.00000003.2126709262.000001E5BAC91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlzapret.exe, 00000002.00000003.2087143998.000001E5BA29E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://twitter.com/zapret.exe, 00000002.00000003.2125083436.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA306000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://stackoverflow.com/questions/4457745#4457745.zapret.exe, 00000002.00000002.2141310911.000001E5BB140000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.quovadisglobal.com/cpszapret.exe, 00000002.00000003.2128822447.000001E5BABD4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123829673.000001E5BABD2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130171255.000001E5BABD4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2135042262.000001E5BABDF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2122994192.000001E5BABCC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129739410.000001E5BABD4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535zapret.exe, 00000002.00000003.2125083436.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA686000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129216941.000001E5BA6C1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2132822994.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA68C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA697000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2126834213.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA698000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127815713.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA340000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124471260.000001E5BA340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syzapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085827260.000001E5B9AC1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2086151445.000001E5B811A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2086257903.000001E5B811A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B8111000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085977887.000001E5B811E000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2085810998.000001E5B9AC5000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2131859090.000001E5B8113000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125002040.000001E5B810F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://google.com/zapret.exe, 00000002.00000003.2125083436.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125155235.000001E5B80F9000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123278637.000001E5B80E2000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123191249.000001E5B80C4000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123312428.000001E5B80EE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA306000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128028801.000001E5B80FA000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124017270.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124106402.000001E5B80EF000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128637316.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128560865.000001E5B810D000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2130325699.000001E5BA76B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129787210.000001E5BA76A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://google.com/mail/zapret.exe, 00000002.00000003.2123895504.000001E5BA28B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://google.com/mail/zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127391714.000001E5BA75C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.securetrust.com/STCA.crlzapret.exe, 00000002.00000003.2129216941.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2133744844.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2125189517.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127659469.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2124164648.000001E5BA752000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123391631.000001E5BA752000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://wwwsearch.sf.net/):zapret.exe, 00000002.00000003.2125083436.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2129648044.000001E5BA337000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127466865.000001E5BA306000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2123895504.000001E5BA301000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2128182671.000001E5BA337000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2127756430.000001E5BA335000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.136.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575409
Start date and time: 2024-12-15 13:57:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: zapret.exe
Detection: MAL
Classification: mal56.winEXE@3/32@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 70
• Number of non-executed functions: 284
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net
• Report size exceeded maximum capacity and may have missing disassembly code.
No simulations

Match | Associated Sample Name / URL | Detection | Threat Name | Context
162.159.136.232 | S23UhdW5DH.exe | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc | discord.com/administrator/index.php

Match | Associated Sample Name / URL | Detection | Threat Name | Context
discord.com | Bloxflip Predictor.exe | malicious | Njrat | 162.159.137.232
discord.com | chos.exe | malicious | Unknown | 162.159.138.232
discord.com | phost.exe | malicious | Blank Grabber | 162.159.137.232
discord.com | ihost.exe | malicious | Python Stealer, Muck Stealer | 162.159.136.232
discord.com | shost.exe | malicious | Python Stealer, Muck Stealer | 162.159.136.232
discord.com | sppawx.exe | malicious | Blank Grabber | 162.159.135.232
discord.com | ahost.exe | malicious | Blank Grabber | 162.159.135.232
discord.com | wsapx.exe | malicious | Blank Grabber | 162.159.136.232
discord.com | WE8zqotCFj.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.137.232
discord.com | ozAxx9uGHu.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.136.232

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | https://fsharetv.io | malicious | Unknown | 104.17.167.186
CLOUDFLARENETUS | https://fsharetv.co/ | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 104.21.79.7
CLOUDFLARENETUS | Merge.exe | malicious | NetSupport RAT | 104.26.1.231
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.67.207.38
CLOUDFLARENETUS | wN8pQhRNnu.exe | malicious | LummaC | 172.67.179.207
CLOUDFLARENETUS | AZCFTWko2q.exe | malicious | LummaC | 172.67.207.38
CLOUDFLARENETUS | I37faEaz1K.exe | malicious | LummaC | 172.67.207.38
CLOUDFLARENETUS | YbJEkgZ4z5.exe | malicious | LummaC | 172.67.207.38
CLOUDFLARENETUS | 3cb2b5U8BR.exe | malicious | LummaC | 172.67.207.38

No context

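Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | 3Qv3xyyL5G.exe | malicious | RedLine
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | K6qneGSDSB.exe | malicious | Babadeda, RedLine
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | oKfMLwqaRZ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | mggoBrtk9t.exe | malicious | Amadey, RedLine
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | yINR7uQlPr.exe | malicious | Amadey, RedLine
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | file.exe | malicious | RedLine
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | IYXE4Uz61k.exe | malicious | DCRat, PureLog Stealer, Xmrig, zgRAT
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | JtmrbbWy9W.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI65682\VCRUNTIME140.dll | file.exe | malicious | RedLine
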
Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 89752
Entropy (8bit): 6.5021374229557996
Encrypted: false
SSDEEP: 1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
MD5: 0E675D4A7A5B7CCD69013386793F68EB
SHA1: 6E5821DDD8FEA6681BDA4448816F39984A33596B
SHA-256: BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
SHA-512: CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
Malicious: false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
• Filename: 3Qv3xyyL5G.exe, Detection: malicious
• Filename: K6qneGSDSB.exe, Detection: malicious
• Filename: oKfMLwqaRZ.exe, Detection: malicious
• Filename: mggoBrtk9t.exe, Detection: malicious
• Filename: yINR7uQlPr.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: IYXE4Uz61k.exe, Detection: malicious
• Filename: JtmrbbWy9W.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):49744
                                                                                                                                                                                        Entropy (8bit):6.702924040492291
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:qzzO6ujT3MbR3v0Cz6SKLq83yN+iRxw9zv6JmEpw9zF:3q/o1j3c+iIzv6JmEp4zF
                                                                                                                                                                                        MD5:05052BE2C36166FF9646D7D00BB7413F
                                                                                                                                                                                        SHA1:D8D7C4B322D76E3A7B591024C62F15934979FE40
                                                                                                                                                                                        SHA-256:26E470B29BED3D873E0C328186E53F95E9EDBFE0B0FD0CDA44743A0B1A04A828
                                                                                                                                                                                        SHA-512:0460CC66D06DF9A2941607473F3ECCFD909F2ADAB53A3328FADCEDD1B194B388ECA738C2C6C2E193DE33606925FBED1FE39EFA160015128E93F5E3A03C62170D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):84040
                                                                                                                                                                                        Entropy (8bit):6.41469022264903
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                        MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                        SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                        SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                        SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):123464
                                                                                                                                                                                        Entropy (8bit):5.886703955852103
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                        MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                        SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                        SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                        SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):45640
                                                                                                                                                                                        Entropy (8bit):5.996546047346997
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                        MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                        SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                        SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                        SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):252488
                                                                                                                                                                                        Entropy (8bit):6.080982550390949
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                        MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                        SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                        SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                        SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):28232
                                                                                                                                                                                        Entropy (8bit):6.051366978773049
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:bp/aC60HGTPk/ltSA/6rCbCnA/cEXEz65D1IGqUrnYPLxDG4y8xxzzI:bH60HGw/b/6rCb9iKD1IGqUrWDG4yCI
                                                                                                                                                                                        MD5:44B72E0AD8D1E1EC3D8722088B48C3C5
                                                                                                                                                                                        SHA1:E0F41BF85978DD8F5ABB0112C26322B72C0D7770
                                                                                                                                                                                        SHA-256:4AA1BBDE1621C49EDAB4376CF9A13C1AA00A9B0A9905D9640A2694EF92F77D5E
                                                                                                                                                                                        SHA-512:05853F93C6D79D8F9C96519CE4C195B9204DF1255B01329DEAA65E29BD3E988D41454CD305E2199404F587E855737879C330638F2F07BFF11388A49E67BA896C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):78920
                                                                                                                                                                                        Entropy (8bit):6.061178831576516
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                        MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                        SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                        SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                        SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):117832
                                                                                                                                                                                        Entropy (8bit):6.052642675957794
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:x3xozhUCVgMUGSo5iY0nx2bsxSV3QilzQmxLZIG47HZ:p6zh72PGz0nxrmVG
                                                                                                                                                                                        MD5:8EE827F2FE931163F078ACDC97107B64
                                                                                                                                                                                        SHA1:149BB536F3492BC59BD7071A3DA7D1F974860641
                                                                                                                                                                                        SHA-256:EAEEFA6722C45E486F48A67BA18B4ABB3FF0C29E5B30C23445C29A4D0B1CD3E4
                                                                                                                                                                                        SHA-512:A6D24E72BF620EF695F08F5FFDE70EF93F42A3FA60F7C76EB0F521393C595717E05CCB7A61AE216C18FE41E95FB238D82637714CF5208EE8F1DD32AE405B5565
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                        Entropy (8bit):5.115421390329823
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:xOCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPXRD0QpHvcqvn7ycIt/z/:xOardA0Bzx14r6nDZJhv+L/
                                                                                                                                                                                        MD5:DC2B691495107A597281EECF8FE49258
                                                                                                                                                                                        SHA1:B07F274B0C8120C8F9DEFC9C9E98CEEF02818FF1
                                                                                                                                                                                        SHA-256:B155B2F3310E35F2AE40C89726453CBDBA48632A854192D78A9A7B634C310255
                                                                                                                                                                                        SHA-512:1D12902BDA5645A92D2FABB93365E1A76FB1C30EF5865B17FD7A54A90FAAB61F4B238AF471C30A20080C8DDF06BEC983010FD9E10EFAE0C85BCB5B4A0ABECDF9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):794220
                                                                                                                                                                                        Entropy (8bit):5.494295852996158
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24576:uhidrOtosQNRs54PK4IMTVw596fCEkXKR326:uhidrOtosQNRs54PK4I19MH
                                                                                                                                                                                        MD5:C266ABAD6D3A7E0F93C24D7A8B9C1409
                                                                                                                                                                                        SHA1:643FC671BA3B1EB15EF4F5885E9B20C546BA0F83
                                                                                                                                                                                        SHA-256:6437D25A404A144D518249D4CCBE546EEA5DA2A5BD5CF8A737FD287B05D004A9
                                                                                                                                                                                        SHA-512:2C27258A7DD74A81F6E046C27A9C88BC4D50C271770DEE5387AE579B6F9B472CD6800AA55C4EF0B6709075EFA7EBC00E34639D173E0CB3AEA8BCD633709AFA25
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview: Zip entry _bootlocale.pyc (compiled Python bytecode); readable docstring: "A minimal subset of the locale module used at interpreter startup (imported by the _io module), in order to reduce startup time. Don't import directly from third-party code; use the `locale` module instead!"
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):299427
                                                                                                                                                                                        Entropy (8bit):6.047872935262006
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                        MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                        SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                        SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                        SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                        Entropy (8bit):4.82244276484902
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:G03K74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGktCFVCVAZ0fcX6g8H4a81:SFCk2z1/t12iwU5usJFICC4cqgg
                                                                                                                                                                                        MD5:19286C0938EE5B29D916B4035E539200
                                                                                                                                                                                        SHA1:FA74A9047A3DFCFE3F4F305B8D61267FB16B0650
                                                                                                                                                                                        SHA-256:CBCB25410A11775DF37DCF4809B6EC5D6F3AA1E997C8AC8CD3FAA2C155121693
                                                                                                                                                                                        SHA-512:3B849F2D727FA902E92DBBD8D93254CF3D7E7410269E45334D935C7D3B7FD1480A658066F2550DA26AAC5D978D16E0B12BF39DC4FC7C10E4C3C169BD5963124F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):120832
                                                                                                                                                                                        Entropy (8bit):5.898330437655099
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:Wd/i8g30pUQTpLwNo80GYVqr5wfgB2e/amZB:WVoMrgoe/PZB
                                                                                                                                                                                        MD5:D702A14B17BCD02C9AD1CE8137D925AA
                                                                                                                                                                                        SHA1:7A26ED8CCC3EBA1F97DA7CCADA58B043945B7575
                                                                                                                                                                                        SHA-256:98C04FDC308F1D6388BB129F0101F88EBB020AEB8116F280129E19CDCB832D8D
                                                                                                                                                                                        SHA-512:02515C6128B2A7909D0B2E43B0D253E331BDBAEB3DF786C9692612703C7E9FD0F7B6CB8E13954F63A0DF6B671D83DD6C021C7F68C965E336A74BDF7057986E00
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3381792
                                                                                                                                                                                        Entropy (8bit):6.094908167946797
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                        MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                        SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                        SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                        SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):32792
                                                                                                                                                                                        Entropy (8bit):6.372276555451265
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                        MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                        SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                        SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                        SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):686112
                                                                                                                                                                                        Entropy (8bit):5.528877787845415
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:3L6MSpHovlo4qL7a3ZV9CblMOoAXToRtrBZf3Fb85BO9K9pB3TLPDdOU2lvz8:wIAL7a3heSFZf2Pq63HJOU2lvz
                                                                                                                                                                                        MD5:FE1F3632AF98E7B7A2799E3973BA03CF
                                                                                                                                                                                        SHA1:353C7382E2DE3CCDD2A4911E9E158E7C78648496
                                                                                                                                                                                        SHA-256:1CE7BA99E817C1C2D71BC88A1BDD6FCAD82AA5C3E519B91EBD56C96F22E3543B
                                                                                                                                                                                        SHA-512:A0123DFE324D3EBF68A44AFAFCA7C6F33D918716F29B063C72C4A8BD2006B81FAEA6848F4F2423778D57296D7BF4F99A3638FC87B37520F0DCBEEFA3A2343DE0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):5653536
                                                                                                                                                                                        Entropy (8bit):6.729079283804055
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                        MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                        SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                        SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                        SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                        Entropy (8bit):5.909456553599775
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                        MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                        SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                        SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                        SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):630272
                                                                                                                                                                                        Entropy (8bit):6.2012607004318845
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:cs1ibNzQ0d7ctjdcg7fUoPpj50XnEYyk:ratctjdcg7fUoPpj50XnJ
                                                                                                                                                                                        MD5:D3D894DC8DD9FD5E3920E5E192F59D7C
                                                                                                                                                                                        SHA1:A8100055393868268191AF8556E272388C6E0F54
                                                                                                                                                                                        SHA-256:6473D2FBB715D6913AD304056042C62714AAF91F2B170B5C6EE13B6262B354F1
                                                                                                                                                                                        SHA-512:BAF03A83B6FB6CC4486CEF2F9A001819D743A796DBEC26A4D499DA50C1969973C7B6868230E19B78BDFFD2976601ECA362EC9F92A9301C9145BB4201C0D8F8BA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):58952
                                                                                                                                                                                        Entropy (8bit):5.849953914987793
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:oS99q+0o22ByfbEap+VCBQ53gUiT5pLFdBk4/yFi1nuVwWBjChtFyrUdmd9RSxDD:79xiEAnUvdK1IGV0QyrI
                                                                                                                                                                                        MD5:7ACEC875D5672E7AA148B8C40DF9AA49
                                                                                                                                                                                        SHA1:96B8CFABE0CFA3DF32995919AC77CFDEEC26F1F2
                                                                                                                                                                                        SHA-256:D96858E433F45917499DBF5E052E56F079FF9AE259FD3CAA025C3B1DAF852891
                                                                                                                                                                                        SHA-512:1208DA62FE82B779EC822AD702F9CA4321B34EE590C28E10EFE9A2DB6D582BFDCAE01AB2431C1A98714EF0C60434D64C58F3DB31BF5886EFBB943ADC70D6E975
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):4183112
                                                                                                                                                                                        Entropy (8bit):6.420172758698049
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                        MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                        SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                        SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                        SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):673280
                                                                                                                                                                                        Entropy (8bit):6.0419437910215255
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:Ve+P6+MWPDCpiqo/r/wm/tx61waoXe1a84TkOz4ApSVIHs4ppdUKsGZ7QXlf:VelBcDh/wmVw1ayoFPppdUl
                                                                                                                                                                                        MD5:F0392A9234F19A7312749E32B7C2AABC
                                                                                                                                                                                        SHA1:3A06EB7FE07F4F72C43D44C84B0E8D0CF45B6B7B
                                                                                                                                                                                        SHA-256:3890C952D049677351D50B940793E82FB9F065AC77A97CD228C187616BE1687E
                                                                                                                                                                                        SHA-512:B81E1DE6083123CFEBF360F0FEFD0DC18FC6B361BB2B4A8249D71D77B9BB2E275C854998142A2774200D1864D3CAFC706F5D0CA9238E0EC859B3578922FCB698
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):136192
                                                                                                                                                                                        Entropy (8bit):5.993915222442933
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:cXt1g7xR7WsXCBcyohpY/rjYarWSbJm/fEJTdXSwd0Lxwp:cXXg7xNFXC8Y/rxbbJmnEVdXSuQ
                                                                                                                                                                                        MD5:7F960B22965D51F44D3046F3930D3471
                                                                                                                                                                                        SHA1:DEFC4A353F6A14E316C1FE4085180CECA9EE6CE0
                                                                                                                                                                                        SHA-256:D2DF2F815AB392812399143D6CB661C807449FA8409FD126F39F656769B8A728
                                                                                                                                                                                        SHA-512:FA4484DBFA3E13F0FA1C4F1CF1DA0C3F76DE157586B49165A400EADBF9A7EFFAF318AA33A7A222F927222531107977FB7BE7CD62E4623B31B111E21AC4EDFD0C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):26696
                                                                                                                                                                                        Entropy (8bit):6.101296746249305
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                        MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                        SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                        SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                        SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1096264
                                                                                                                                                                                        Entropy (8bit):5.343512979675051
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                        MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                        SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                        SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                        SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):133120
                                                                                                                                                                                        Entropy (8bit):5.86120949149104
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:3wBdzUgdnhvjZXA2SRJzlRVFhLaNzvblJTqQvmP+0NfAdWe:3wsgdRjZXA2+tlRVgvZRqQ10Vy
                                                                                                                                                                                        MD5:01196228998669ACFD2A4AA7E1E18A26
                                                                                                                                                                                        SHA1:A7C3C59CB120EF75CA6F9A7A2E035783CD5933BB
                                                                                                                                                                                        SHA-256:DA256A6EEB9C5512E869CA5452EC373A7C3AA8BE13AFEB76FD650738A5ADFBEC
                                                                                                                                                                                        SHA-512:A2C627978B33A0FB8DDBEB7FF8C920F7BC357736D5C981A3F003ADF1CD8E6CB51B17FDF5847B98D024C3FF721550A5E8209B735E027110FF75ED56A10498C117
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                        Entropy (8bit):5.281734532194338
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:tYGx6lLxGhN0H2So0JVPls+0T8DqqpqkW87P0bkZ5yn9g1BT:zl0WCaNkW87cSUuB
                                                                                                                                                                                        MD5:3122A07137DEA2F663F0F5A57C68306A
                                                                                                                                                                                        SHA1:9EA6A6DC321993F5EB1185F674B515BDF851718D
                                                                                                                                                                                        SHA-256:B6AE09668425F318E2A56286F635EFC591B92C14870085A485A65A6E40F3A0C0
                                                                                                                                                                                        SHA-512:98B2D850F79FCD4DF2D57C4692EFB08B550A20DDDB38C4A95CE794B78A1F84FD1AD7EA21A5845C364AC79523F668C4350628FDF7D7DABF4056DD07F25B67C6AE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1146880
                                                                                                                                                                                        Entropy (8bit):6.055737484366553
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:A8kQJhn+6cxX9KOcol6NRn2Ri0VRxRz5jAs7FYyk2+wwZ8Oq:ANP6c8oiRnP2RFUsRY2+V8
                                                                                                                                                                                        MD5:0E754914E42F2220C530A0212293BF51
                                                                                                                                                                                        SHA1:242220538FBE59D141B44895FC8054FDB1A8358D
                                                                                                                                                                                        SHA-256:CDFAF61B88C03F8C35BC0476A5CB85365B591787EE1B2FFEF264BFC570C9524A
                                                                                                                                                                                        SHA-512:CDF127981996C2AFA94E09E0D9CEDF5D6F3512EF3F2505C9616EBD21F5B0BA4E5A1E1069AED84D1111A400BBCA8AED904948F91D47B961076A50528DD02A1E7A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                        Entropy (8bit):2.0
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:qn:qn
                                                                                                                                                                                        MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                        SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                        SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                        SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:blat
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                        Entropy (8bit):4.713840781302666
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                        MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                        SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                        SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                        SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                        Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):10
                                                                                                                                                                                        Entropy (8bit):2.7219280948873625
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:qW6:qW6
                                                                                                                                                                                        MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                        SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                        SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                        SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:..K....}..
                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.996174585998191
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 74.95%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 12.51%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 12.50%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                                                                                                                                        File name:zapret.exe
                                                                                                                                                                                        File size:10'097'908 bytes
                                                                                                                                                                                        MD5:9327bcb9ae5148a036f68878d44847ae
                                                                                                                                                                                        SHA1:5c1b9bc39ce084ddced90212a0fd9f09b5285068
                                                                                                                                                                                        SHA256:4d8cef197e1744069b1882512cb69e2695afd7345b1eb3926b0f09d0ad2c1c4b
                                                                                                                                                                                        SHA512:c574c09b5d080fcb4600feba539e48d2d6985ff01f96aef059cf78846f88605b0203cf0073b3e968b10e3deb0fa5f0a1fee84b460dbfd6274d0dbe37de1f6638
                                                                                                                                                                                        SSDEEP:196608:+guWJysVYvsOtV1Z2azjvj8p5drY+0OoyMxxvjDDAxB9GiZX38DPn+vx:wWJeVlj87dqOoyMxtDDAxZR3WnI
                                                                                                                                                                                        TLSH:ECA63372C3E25D8AE1BA0030D56495F12962F9690B109C2BCA695B797F83FF47FB84D0
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....]g.@.............(.x...2.................@..........................................`................................
                                                                                                                                                                                        Icon Hash:4a464cd47461e179
                                                                                                                                                                                        Entrypoint:0x1400010f6
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                        Time Stamp:0x675DE7C1 [Sat Dec 14 20:17:05 2024 UTC]
                                                                                                                                                                                        TLS Callbacks:0x4000ccd0, 0x1, 0x4000cd90, 0x1
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:9311b4eddd1038b1495848c7c4de8671
                                                                                                                                                                                        Instruction
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        sub esp, 30h
                                                                                                                                                                                        mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [0001F854h]
                                                                                                                                                                                        mov dword ptr [eax], 00000001h
                                                                                                                                                                                        call 00007F29507E2FF2h
                                                                                                                                                                                        mov dword ptr [ebp-04h], eax
                                                                                                                                                                                        nop
                                                                                                                                                                                        nop
                                                                                                                                                                                        mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        add esp, 30h
                                                                                                                                                                                        pop ebp
                                                                                                                                                                                        ret
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        sub esp, 30h
                                                                                                                                                                                        mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [0001F825h]
                                                                                                                                                                                        mov dword ptr [eax], 00000000h
                                                                                                                                                                                        call 00007F29507E2FC3h
                                                                                                                                                                                        mov dword ptr [ebp-04h], eax
                                                                                                                                                                                        nop
                                                                                                                                                                                        nop
                                                                                                                                                                                        mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        add esp, 30h
                                                                                                                                                                                        pop ebp
                                                                                                                                                                                        ret
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        sub esp, 70h
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov dword ptr [ebp-10h], 00000000h
                                                                                                                                                                                        mov dword ptr [ebp-1Ch], 00000030h
                                                                                                                                                                                        mov eax, dword ptr [ebp-1Ch]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov dword ptr [ebp-28h], eax
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [ebp-28h]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [eax+08h]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov dword ptr [ebp-18h], eax
                                                                                                                                                                                        mov dword ptr [ebp-04h], 00000000h
                                                                                                                                                                                        jmp 00007F29507E2FD3h
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35000 | 0x15c4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x39000 | 0xf494 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x24000 | 0xf0c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x154 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x1fb40 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x35578 | 0x4e8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x176a8 | 0x17800 | 9f7f0d1618711ec9a3f192be61c8e41a | False | 0.44058552194148937 | data | 6.152224113370007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x19000 | 0x130 | 0x200 | 0360375d9ff0180f5574981541386aa4 | False | 0.189453125 | data | 1.3483167194859027 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x1a000 | 0x8360 | 0x8400 | 087c6fc1a64e7ea6ab738c0ca1e4e5ea | False | 0.4768288352272727 | data | 6.546395249456785 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| /4 | 0x23000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x24000 | 0xf0c | 0x1000 | f086dfc9966a16303f07ac6f695caf59 | False | 0.459716796875 | data | 4.917918989003918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .xdata | 0x25000 | 0xf28 | 0x1000 | ad3722de309a09addba6cc69fbfa743c | False | 0.228759765625 | shared library | 4.271522356163376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .bss | 0x26000 | 0xeff0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x35000 | 0x15c4 | 0x1600 | 4152028cb8a68f62f403c1ea5aa455f1 | False | 0.3270596590909091 | data | 4.427100259095057 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .CRT | 0x37000 | 0x60 | 0x200 | 50ab408ef0610e02b37f12ae38bbc958 | False | 0.06640625 | data | 0.29046607431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x38000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x39000 | 0xf494 | 0xf600 | 8f1e755314f9e1a2a5c307c4e4ca9fc1 | False | 0.8035600863821138 | data | 7.555503971609621 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x49000 | 0x154 | 0x200 | 5c544fc71a74c2b41414bb7f3fe41253 | False | 0.529296875 | data | 3.743194766435929 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x39208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x3a0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x3a958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x3aec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x443ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x46994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x47a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x47ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x47f0c | 0x586 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44554455445544555 |

| DLL | Import |
|---|---|
| ADVAPI32.dll | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken |
| COMCTL32.dll | LoadIconMetric |
| GDI32.dll | CreateFontIndirectW, DeleteObject, SelectObject |
| KERNEL32.dll | CloseHandle, CreateDirectoryW, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, __C_specific_handler |
| msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __argc, __iob_func, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _commode, _errno, _filelengthi64, _fileno, _findclose, _fileno, _fmode, _get_osfhandle, _getpid, _initterm, _lock, _onexit, _setmode, _snwprintf, _stat64, _strdup, _unlock, _wcmdln, _wcsdup, _wcsdup, _wfindfirst64, _wfindnext64, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wstat64, _wtempnam, abort, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwprintf, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setbuf, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs |
| USER32.dll | CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongPtrW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongPtrW, SystemParametersInfoW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 15, 2024 13:58:09.595041990 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:09.595132113 CET | 443 | 49705 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:09.595225096 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:09.595984936 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:09.596024036 CET | 443 | 49705 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:10.823537111 CET | 443 | 49705 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:10.824232101 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.824263096 CET | 443 | 49705 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:10.826426029 CET | 443 | 49705 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:10.826533079 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.827280045 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.827424049 CET | 49705 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.832278013 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.832338095 CET | 443 | 49706 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:10.832427979 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.832721949 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:10.832731962 CET | 443 | 49706 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:12.055581093 CET | 443 | 49706 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:12.055911064 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:12.055943966 CET | 443 | 49706 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:12.057610035 CET | 443 | 49706 | 162.159.136.232 | 192.168.2.5 |
| Dec 15, 2024 13:58:12.057677984 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:12.058106899 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |
| Dec 15, 2024 13:58:12.058223963 CET | 49706 | 443 | 192.168.2.5 | 162.159.136.232 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 15, 2024 13:58:09.452305079 CET | 52143 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 15, 2024 13:58:09.590996981 CET | 53 | 52143 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 15, 2024 13:58:09.452305079 CET | 192.168.2.5 | 1.1.1.1 | 0x890 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 15, 2024 13:58:09.590996981 CET | 1.1.1.1 | 192.168.2.5 | 0x890 | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false |
| Dec 15, 2024 13:58:09.590996981 CET | 1.1.1.1 | 192.168.2.5 | 0x890 | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false |
| Dec 15, 2024 13:58:09.590996981 CET | 1.1.1.1 | 192.168.2.5 | 0x890 | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false |
| Dec 15, 2024 13:58:09.590996981 CET | 1.1.1.1 | 192.168.2.5 | 0x890 | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false |
| Dec 15, 2024 13:58:09.590996981 CET | 1.1.1.1 | 192.168.2.5 | 0x890 | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:07:58:05
                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                        Path:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\zapret.exe"
                                                                                                                                                                                        Imagebase:0x7ff7279c0000
                                                                                                                                                                                        File size:10'097'908 bytes
                                                                                                                                                                                        MD5 hash:9327BCB9AE5148A036F68878D44847AE
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:07:58:07
                                                                                                                                                                                        Start date:15/12/2024
Path:C:\Users\user\Desktop\zapret.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\zapret.exe"
Imagebase:0x7ff7279c0000
File size:10'097'908 bytes
MD5 hash:9327BCB9AE5148A036F68878D44847AE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true


Execution Graph

Execution Coverage:6.2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:11.8%
Total number of Nodes:1137
Total number of Limit Nodes:15
10264->10266 10269 7ff7279c4474 GetProcAddress 10265->10269 10270 7ff7279c4a57 10265->10270 10268 7ff7279c2db0 10 API calls 10266->10268 10427 7ff7279c4a14 10267->10427 10268->10427 10272 7ff7279c4af0 10269->10272 10273 7ff7279c4490 GetProcAddress 10269->10273 10271 7ff7279c2db0 10 API calls 10270->10271 10271->10427 10274 7ff7279c2db0 10 API calls 10272->10274 10275 7ff7279c4ad8 10273->10275 10276 7ff7279c44ac GetProcAddress 10273->10276 10274->10427 10277 7ff7279c2db0 10 API calls 10275->10277 10278 7ff7279c4ac0 10276->10278 10279 7ff7279c44c8 GetProcAddress 10276->10279 10277->10427 10280 7ff7279c2db0 10 API calls 10278->10280 10281 7ff7279c44e4 GetProcAddress 10279->10281 10282 7ff7279c4aab 10279->10282 10280->10427 10284 7ff7279c4500 GetProcAddress 10281->10284 10285 7ff7279c4a96 10281->10285 10283 7ff7279c2db0 10 API calls 10282->10283 10283->10427 10286 7ff7279c4f28 10284->10286 10287 7ff7279c451c 10284->10287 10288 7ff7279c2db0 10 API calls 10285->10288 10291 7ff7279c2db0 10 API calls 10286->10291 10289 7ff7279c4a20 GetProcAddress 10287->10289 10290 7ff7279c4528 GetProcAddress 10287->10290 10288->10427 10289->10290 10292 7ff7279c4a3c 10289->10292 10293 7ff7279c4b50 10290->10293 10294 7ff7279c4544 GetProcAddress 10290->10294 10291->10427 10295 7ff7279c2db0 10 API calls 10292->10295 10298 7ff7279c2db0 10 API calls 10293->10298 10296 7ff7279c4560 GetProcAddress 10294->10296 10297 7ff7279c4b38 10294->10297 10295->10427 10299 7ff7279c4b20 10296->10299 10300 7ff7279c457c GetProcAddress 10296->10300 10301 7ff7279c2db0 10 API calls 10297->10301 10298->10427 10302 7ff7279c2db0 10 API calls 10299->10302 10303 7ff7279c4b08 10300->10303 10304 7ff7279c4598 GetProcAddress 10300->10304 10301->10427 10302->10427 10307 7ff7279c2db0 10 API calls 10303->10307 10305 7ff7279c4bb0 10304->10305 10306 7ff7279c45b4 GetProcAddress 10304->10306 10308 7ff7279c2db0 10 API calls 10305->10308 10309 7ff7279c45d0 GetProcAddress 10306->10309 10310 7ff7279c4b98 10306->10310 10307->10427 
10308->10427 10312 7ff7279c4b80 10309->10312 10313 7ff7279c45ec GetProcAddress 10309->10313 10311 7ff7279c2db0 10 API calls 10310->10311 10311->10427 10316 7ff7279c2db0 10 API calls 10312->10316 10314 7ff7279c4b68 10313->10314 10315 7ff7279c4608 GetProcAddress 10313->10315 10317 7ff7279c2db0 10 API calls 10314->10317 10318 7ff7279c4be0 10315->10318 10319 7ff7279c4624 GetProcAddress 10315->10319 10316->10427 10317->10427 10320 7ff7279c2db0 10 API calls 10318->10320 10321 7ff7279c4640 GetProcAddress 10319->10321 10322 7ff7279c4bc8 10319->10322 10320->10427 10324 7ff7279c4c10 10321->10324 10325 7ff7279c465c GetProcAddress 10321->10325 10323 7ff7279c2db0 10 API calls 10322->10323 10323->10427 10328 7ff7279c2db0 10 API calls 10324->10328 10326 7ff7279c4bf8 10325->10326 10327 7ff7279c4678 GetProcAddress 10325->10327 10329 7ff7279c2db0 10 API calls 10326->10329 10330 7ff7279c4694 GetProcAddress 10327->10330 10331 7ff7279c4c58 10327->10331 10328->10427 10329->10427 10333 7ff7279c4c40 10330->10333 10334 7ff7279c46b0 GetProcAddress 10330->10334 10332 7ff7279c2db0 10 API calls 10331->10332 10332->10427 10337 7ff7279c2db0 10 API calls 10333->10337 10335 7ff7279c4c28 10334->10335 10336 7ff7279c46cc GetProcAddress 10334->10336 10340 7ff7279c2db0 10 API calls 10335->10340 10338 7ff7279c4c70 10336->10338 10339 7ff7279c46e8 GetProcAddress 10336->10339 10337->10427 10343 7ff7279c2db0 10 API calls 10338->10343 10341 7ff7279c4704 GetProcAddress 10339->10341 10342 7ff7279c4ce8 10339->10342 10340->10427 10344 7ff7279c4cd0 10341->10344 10345 7ff7279c4720 GetProcAddress 10341->10345 10346 7ff7279c2db0 10 API calls 10342->10346 10343->10427 10349 7ff7279c2db0 10 API calls 10344->10349 10347 7ff7279c4cb8 10345->10347 10348 7ff7279c473c GetProcAddress 10345->10348 10346->10427 10350 7ff7279c2db0 10 API calls 10347->10350 10351 7ff7279c4ca0 10348->10351 10352 7ff7279c4758 GetProcAddress 10348->10352 10349->10427 10350->10427 10353 7ff7279c2db0 10 API calls 10351->10353 10354 7ff7279c4774 
GetProcAddress 10352->10354 10355 7ff7279c4c88 10352->10355 10353->10427 10356 7ff7279c4d00 10354->10356 10357 7ff7279c4790 GetProcAddress 10354->10357 10358 7ff7279c2db0 10 API calls 10355->10358 10361 7ff7279c2db0 10 API calls 10356->10361 10359 7ff7279c4d30 10357->10359 10360 7ff7279c47ac GetProcAddress 10357->10360 10358->10427 10362 7ff7279c2db0 10 API calls 10359->10362 10363 7ff7279c4d18 10360->10363 10364 7ff7279c47c8 GetProcAddress 10360->10364 10361->10427 10362->10427 10365 7ff7279c2db0 10 API calls 10363->10365 10366 7ff7279c4d60 10364->10366 10367 7ff7279c47e4 GetProcAddress 10364->10367 10365->10427 10368 7ff7279c2db0 10 API calls 10366->10368 10369 7ff7279c4800 GetProcAddress 10367->10369 10370 7ff7279c4d48 10367->10370 10368->10427 10372 7ff7279c4d90 10369->10372 10373 7ff7279c481c GetProcAddress 10369->10373 10371 7ff7279c2db0 10 API calls 10370->10371 10371->10427 10376 7ff7279c2db0 10 API calls 10372->10376 10374 7ff7279c4d78 10373->10374 10375 7ff7279c4838 GetProcAddress 10373->10375 10377 7ff7279c2db0 10 API calls 10374->10377 10378 7ff7279c4df0 10375->10378 10379 7ff7279c4854 GetProcAddress 10375->10379 10376->10427 10377->10427 10380 7ff7279c2db0 10 API calls 10378->10380 10381 7ff7279c4870 GetProcAddress 10379->10381 10382 7ff7279c4dd8 10379->10382 10380->10427 10383 7ff7279c4dc0 10381->10383 10384 7ff7279c488c GetProcAddress 10381->10384 10385 7ff7279c2db0 10 API calls 10382->10385 10388 7ff7279c2db0 10 API calls 10383->10388 10386 7ff7279c4da8 10384->10386 10387 7ff7279c48a8 GetProcAddress 10384->10387 10385->10427 10389 7ff7279c2db0 10 API calls 10386->10389 10390 7ff7279c4e80 10387->10390 10391 7ff7279c48c4 GetProcAddress 10387->10391 10388->10427 10389->10427 10394 7ff7279c2db0 10 API calls 10390->10394 10392 7ff7279c48e0 GetProcAddress 10391->10392 10393 7ff7279c4e68 10391->10393 10395 7ff7279c4e50 10392->10395 10396 7ff7279c48fc GetProcAddress 10392->10396 10397 7ff7279c2db0 10 API calls 10393->10397 10394->10427 10400 7ff7279c2db0 10 
API calls 10395->10400 10398 7ff7279c4e38 10396->10398 10399 7ff7279c4918 GetProcAddress 10396->10399 10397->10427 10401 7ff7279c2db0 10 API calls 10398->10401 10402 7ff7279c4e20 10399->10402 10403 7ff7279c4934 GetProcAddress 10399->10403 10400->10427 10401->10427 10404 7ff7279c2db0 10 API calls 10402->10404 10405 7ff7279c4950 GetProcAddress 10403->10405 10406 7ff7279c4e08 10403->10406 10404->10427 10407 7ff7279c4f10 10405->10407 10408 7ff7279c496c GetProcAddress 10405->10408 10409 7ff7279c2db0 10 API calls 10406->10409 10412 7ff7279c2db0 10 API calls 10407->10412 10410 7ff7279c4ef8 10408->10410 10411 7ff7279c4988 GetProcAddress 10408->10411 10409->10427 10415 7ff7279c2db0 10 API calls 10410->10415 10413 7ff7279c4ee0 10411->10413 10414 7ff7279c49a4 GetProcAddress 10411->10414 10412->10427 10416 7ff7279c2db0 10 API calls 10413->10416 10417 7ff7279c49c0 GetProcAddress 10414->10417 10418 7ff7279c4ec8 10414->10418 10415->10427 10416->10427 10420 7ff7279c4eb0 10417->10420 10421 7ff7279c49dc GetProcAddress 10417->10421 10419 7ff7279c2db0 10 API calls 10418->10419 10419->10427 10422 7ff7279c2db0 10 API calls 10420->10422 10423 7ff7279c4e98 10421->10423 10424 7ff7279c49f8 GetProcAddress 10421->10424 10422->10427 10425 7ff7279c2db0 10 API calls 10423->10425 10426 7ff7279c4f40 10424->10426 10424->10427 10425->10427 10428 7ff7279c2db0 10 API calls 10426->10428 10427->10202 10428->10427 10430 7ff7279c421b 10429->10430 10431 7ff7279c8220 10 API calls 10430->10431 10432 7ff7279c4234 10431->10432 10433 7ff7279cf1cb 5 API calls 10432->10433 10434 7ff7279c4241 10433->10434 10434->10200 10434->10203 10438 7ff7279c4fc4 10435->10438 10436 7ff7279c5062 strncmp 10436->10438 10437 7ff7279c1ab0 10 API calls 10437->10438 10438->10436 10438->10437 10439 7ff7279c508a mbstowcs 10438->10439 10441 7ff7279c50d8 10438->10441 10444 7ff7279c50dd 10438->10444 10439->10438 10440 7ff7279c51b6 10439->10440 10442 7ff7279c2cd0 10 API calls 10440->10442 10443 7ff7279c512b _setmode 10441->10443 
10441->10444 10442->10444 10445 7ff7279c5142 _fileno _setmode 10443->10445 10451 7ff7279c8320 calloc 10444->10451 10446 7ff7279c515a fflush 10445->10446 10447 7ff7279c5169 fflush 10446->10447 10448 7ff7279c5175 10447->10448 10449 7ff7279c5186 setbuf 10448->10449 10450 7ff7279c5197 setbuf 10449->10450 10450->10444 10452 7ff7279c8399 10451->10452 10455 7ff7279c8346 10451->10455 10452->10232 10453 7ff7279c83b0 10453->10232 10454 7ff7279c8220 10 API calls 10454->10455 10455->10453 10455->10454 10456 7ff7279c8371 10455->10456 10457 7ff7279c8380 free 10456->10457 10457->10457 10458 7ff7279c8391 free 10457->10458 10458->10452 10460 7ff7279c5947 10459->10460 10461 7ff7279c5987 10460->10461 10462 7ff7279c59bc 10460->10462 10464 7ff7279c5997 10461->10464 10465 7ff7279c2cd0 10 API calls 10461->10465 10463 7ff7279c2cd0 10 API calls 10462->10463 10463->10464 10464->10255 10466 7ff7279c59b0 10465->10466 10466->10255 10469 7ff7279c2300 10467->10469 10468 7ff7279c2335 10468->9508 10469->10468 10470 7ff7279c2cd0 10 API calls 10469->10470 10470->10469 10474 7ff7279ce280 setlocale 10471->10474 10475 7ff7279ce2bf setlocale 10474->10475 10476 7ff7279ce2af _strdup 10474->10476 10477 7ff7279ce55d wcstombs realloc wcstombs setlocale free 10475->10477 10478 7ff7279ce2de 10475->10478 10476->10475 10479 7ff7279c40c0 strcpy 10477->10479 10478->10477 10480 7ff7279ce2ed mbstowcs 10478->10480 10479->9520 10481 7ff7279ce240 10480->10481 10482 7ff7279ce346 mbstowcs 10481->10482 10483 7ff7279ce386 10482->10483 10484 7ff7279ce55a 10483->10484 10490 7ff7279ce3ba 10483->10490 10484->10477 10485 7ff7279ce4d0 wcstombs realloc wcstombs 10489 7ff7279ce531 setlocale free 10485->10489 10486 7ff7279ce46b wcstombs 10487 7ff7279ce49b wcstombs 10486->10487 10488 7ff7279ce48d 10486->10488 10487->10489 10491 7ff7279ce4c6 10487->10491 10488->10487 10489->10479 10490->10485 10490->10486 10491->10489 11418 7ff7279c9340 11419 7ff7279c934e 11418->11419 11420 7ff7279c936c memcpy 11419->11420 11423 7ff7279c8c4a 
11419->11423 11420->11419 11421 7ff7279c86c0 4 API calls 11421->11423 11422 7ff7279c8de1 11423->11421 11423->11422 11823 7ff7279c8f90 11825 7ff7279c8c4a 11823->11825 11826 7ff7279c8de1 11823->11826 11824 7ff7279c86c0 4 API calls 11824->11825 11825->11824 11825->11826 11932 7ff7279c9468 11934 7ff7279c8c4a 11932->11934 11933 7ff7279c86c0 4 API calls 11933->11934 11934->11933 11935 7ff7279c8de1 11934->11935

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID: _initterm$_amsg_exit_cexitexit
• String ID: 0
• API String ID: 602970348-4108050209
• Opcode ID: 3f1495ab5511cedd742e9f649de3f4595af5626ce0540d783a195cd6d88b8f4f
• Instruction ID: a19b0787944a7c4d639931242bc98cd536adccdfc92ae39e1e6552f288cb244b
• Opcode Fuzzy Hash: 3f1495ab5511cedd742e9f649de3f4595af5626ce0540d783a195cd6d88b8f4f
• Instruction Fuzzy Hash: 0B61EB75E09B578AFB00AB96DE8436863B0FB4AB84F904436CD8D57365DE3CE4428F60

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID:
• String ID: incorrect data check$invalid block type$invalid literal/length code$invalid stored block lengths$too many length or distance symbols
• API String ID: 0-817236767
• Opcode ID: 7ce630f837abf13609c1b3aebf198b0f26e0cbd5169ff426b39cb233e74f5f8f
• Instruction ID: 82d509c7932d8e76cd1578a6bf544534d1f3d5abbd3faf6c37fe48712dc543f9
• Opcode Fuzzy Hash: 7ce630f837abf13609c1b3aebf198b0f26e0cbd5169ff426b39cb233e74f5f8f
• Instruction Fuzzy Hash: 5D42F373A197938BEB509F25D948A3EBBA5F749794F814138DA8A43784DB38E901CF10
Strings
Memory Dump Source
• Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid distances set$invalid literal/lengths set
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                          • String ID:

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$fclose$freadfreemallocstrcpystrtok
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _wputenv_s.MSVCRT ref: 00007FF7279C72A1
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C72AC
                                                                                                                                                                                          • GetTempPathW.KERNEL32 ref: 00007FF7279C72D0
                                                                                                                                                                                          • _getpid.MSVCRT(?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C72D6
                                                                                                                                                                                          • _wtempnam.MSVCRT ref: 00007FF7279C72FF
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C7314
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C733E
                                                                                                                                                                                            • Part of subcall function 00007FF7279C6FC0: GetEnvironmentVariableW.KERNEL32 ref: 00007FF7279C6FEC
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7279C712B
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: free.MSVCRT ref: 00007FF7279C7136
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: _wfullpath.MSVCRT ref: 00007FF7279C715E
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C718D
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcsncpy.MSVCRT ref: 00007FF7279C71BB
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71C5
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71D0
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71E2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$CreateDirectoryEnvironmentwcschr$ExpandPathStringsTempVariable_getpid_wfullpath_wputenv_s_wtempnamwcsncpy
                                                                                                                                                                                          • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fileno_get_osfhandlesignal$Process$ByteCharCodeCommandCreateExitInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                          • String ID: CreateProcessW$Error creating child process!

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc$ferrorfree$freadfwrite
                                                                                                                                                                                          • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$_MEIPASS2$malloc
                                                                                                                                                                                          • API String ID: 1635854594-2461342963
                                                                                                                                                                                          • Opcode ID: cfc86b9aab73181c8ed3a871631a8064c37e9672df566cc86717c2a71fe48a54
                                                                                                                                                                                          • Instruction ID: 8aa50c053ca59cda3184367f4cf4b765baec85a3ea422c05912404ae0cbe769e
                                                                                                                                                                                          • Opcode Fuzzy Hash: cfc86b9aab73181c8ed3a871631a8064c37e9672df566cc86717c2a71fe48a54
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E81C472A0C78381EA20AB15EE403BAA391FB5ABA4F944135DECD437D5DE3CD4868F14

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                          • API String ID: 1339360106-2855260032
                                                                                                                                                                                          • Opcode ID: 0497149e8c3fb6e84a401f01f6594c2d405277c2ffd547084d30d6de1b7ae538
                                                                                                                                                                                          • Instruction ID: cee7c9beb727f8532adb8296b532de90869bf1789db8750a3b645469cb6641a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0497149e8c3fb6e84a401f01f6594c2d405277c2ffd547084d30d6de1b7ae538
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C31873160874346E7206B11BE44BAAA361FB86BA5F944235EDAD47BD4DF7CE406CF10

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 918573998-0
                                                                                                                                                                                          • Opcode ID: 4b7385559aa46db93829432bf12a210f03dc4da2465b529b856d97591f0e4cf9
                                                                                                                                                                                          • Instruction ID: f48fbb509de98b3096936b47dfb1fa87b30a37f61a05e454357db1673e4b744d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b7385559aa46db93829432bf12a210f03dc4da2465b529b856d97591f0e4cf9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47F14F66F04B1688EF50ABA6C9452BC73B4FB09B98F844439DE8D17799DF38D4428B20

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freadmalloc$fcloseferrorfree
                                                                                                                                                                                          • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 1320676746-1463511288
                                                                                                                                                                                          • Opcode ID: d38801d3b9759630f4c37cb6695d853945c134362cee775070e13a4e0381d21b
                                                                                                                                                                                          • Instruction ID: 2902b1c54debedb522e8f63be2e7dee280cd29cfc99084bbdb49603322cf42ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: d38801d3b9759630f4c37cb6695d853945c134362cee775070e13a4e0381d21b
                                                                                                                                                                                          • Instruction Fuzzy Hash: E6515F71A0970396EE14EB15DA84179A7A1FB4EB40F84803ADA4D47795DF3CE462CF24

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$EnvironmentVariable$DirectoryFileModuleNamecallocstrcmpstrcpy
                                                                                                                                                                                          • String ID: Cannot side-load external archive %s (code %d)!$Error opening archive rN6uDF85M8 from executable (%s) or external archive (%s)$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                          • API String ID: 4056350997-281236135
                                                                                                                                                                                          • Opcode ID: 85bf5a271a289b2821c918bf24a51fbbcd3be025f9a92110439f314cd9aefddb
                                                                                                                                                                                          • Instruction ID: 567acb53f7c44863e0753c86e9b22d24ab2bf24a08e81d8a45d56bfa0c0c7b26
                                                                                                                                                                                          • Opcode Fuzzy Hash: 85bf5a271a289b2821c918bf24a51fbbcd3be025f9a92110439f314cd9aefddb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CC15F21A1874350FE10BB229E511BAE264EF8ABC0FC44439ED8E477D6DE2CE5068F25

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                          • String ID: _MEIPASS2
                                                                                                                                                                                          • API String ID: 3789554339-3944641314
                                                                                                                                                                                          • Opcode ID: 783135db922b313a80a274856640f928e7831e3083f4200206904cbcdd4c3728
                                                                                                                                                                                          • Instruction ID: f9d4e20cd21ae7388f01fb68cad9330f8778ffc2f7a56eb035df3ed1a0cc7cd7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 783135db922b313a80a274856640f928e7831e3083f4200206904cbcdd4c3728
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD219151B0874358ED10B712AE056BAD251FB4BBE0FC84535EE9D077CAED3DD4428E24

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$ByteCharMultiWidefreememsetstrcpystrtok
                                                                                                                                                                                          • String ID: WARNING: file already exists but should not: %s
                                                                                                                                                                                          • API String ID: 901113649-146164175
                                                                                                                                                                                          • Opcode ID: f09b269ec4a1fe07a6c9d636c70e6cea8f5bccc4a07e1e624c02721d44c287be
                                                                                                                                                                                          • Instruction ID: 883209eaf6204e56d89035d726c5300167e39eee389be6dd649343f7389f235b
                                                                                                                                                                                          • Opcode Fuzzy Hash: f09b269ec4a1fe07a6c9d636c70e6cea8f5bccc4a07e1e624c02721d44c287be
                                                                                                                                                                                          • Instruction Fuzzy Hash: 64313A22B08A4344FD21B712AE4A6FAC251DF4ABD4FC84036ED8D46786DE2CE147CE60

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcscatwcscmp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3846154227-0
                                                                                                                                                                                          • Opcode ID: 59ba39cb8388809d39cca7b8102d7b0fbf420e8e659ed49af9f2976c08d04bed
                                                                                                                                                                                          • Instruction ID: e7af6863205d93858a790baf3cf7ba2a22d983469c8c9fc4c5257685e65aeb9c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 59ba39cb8388809d39cca7b8102d7b0fbf420e8e659ed49af9f2976c08d04bed
                                                                                                                                                                                          • Instruction Fuzzy Hash: 19116020A0878355FE64BB229F156B99284DF4AFC4FC84035DE8E46286EE2DE5439E35

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: mallocmemcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4276657696-0
                                                                                                                                                                                          • Opcode ID: 61eaa1ab35641a1ad6f539a3031d6a572ba3cd1bcdd971e16e585366fc5a0095
                                                                                                                                                                                          • Instruction ID: b3cf30619ee3b8d80164827551ad8dd84bc4dbbac6b6a4788230a8efcbfdf00d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61eaa1ab35641a1ad6f539a3031d6a572ba3cd1bcdd971e16e585366fc5a0095
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0031DC727256424BD760EB26D985A6EF6E1FB89B80F545134DB8E87F40EA3CF4818F00

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                          • String ID: _MEIPASS2
                                                                                                                                                                                          • API String ID: 3061335427-3944641314
                                                                                                                                                                                          • Opcode ID: 8c92230eaaad3de29e18e061f26855356a5093ac706809785fbb2c15e87876fe
                                                                                                                                                                                          • Instruction ID: 36c0c75b0499c735c8057e146859dbc7f63096acdab5f1dd047a4b3f1bf8c4da
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c92230eaaad3de29e18e061f26855356a5093ac706809785fbb2c15e87876fe
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2821A11271865301FE11BA129E497BAD646AF4EBC4FC80439DE4D4B692ED3EE943CE20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$ByteCharMultiWide_wputenv_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2386249605-0
                                                                                                                                                                                          • Opcode ID: 16350f9b1138cd2d4b7dcb4fb7e901fe3689b27c6f991750d34c9965f4a9b48e
                                                                                                                                                                                          • Instruction ID: ecc3cf49446cacb012660aa54cc3246609ffd9a8a634f50433e92a6173324c83
                                                                                                                                                                                          • Opcode Fuzzy Hash: 16350f9b1138cd2d4b7dcb4fb7e901fe3689b27c6f991750d34c9965f4a9b48e
                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E0E551B1826301BE6873B73E1B9BAC1418B4AFD0A855075AC4947B87DC2CD4424F10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                          • API String ID: 2635317215-799113134
                                                                                                                                                                                          • Opcode ID: 2ffff2677c742e4d75b8a438d74a042177ee15190e16fc09648dd6ea9d837ee2
                                                                                                                                                                                          • Instruction ID: 4f88cb5dc154848520ec386e2201aff157489ba3152e538757f1da048e8902b7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ffff2677c742e4d75b8a438d74a042177ee15190e16fc09648dd6ea9d837ee2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E08C21E0870781EE10BB049A851A99390EB8A340FC40038D98C023A2DD3CE5078F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fsetpos
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 850078086-0
                                                                                                                                                                                          • Opcode ID: 1b41710901f17b2eeca1497c090281577d230925116f41a5d4b4f06b87e02d06
                                                                                                                                                                                          • Instruction ID: 103151a82e95ae6d5ed7dadf2576d1d36d58b863b471c9405f5c730a7c2102ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b41710901f17b2eeca1497c090281577d230925116f41a5d4b4f06b87e02d06
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15114F73E04B03D9EF14AF6589451AC67A1EB0A7D8F900A39EE9D07789DF38D1528A60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosestrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3396940900-0
                                                                                                                                                                                          • Opcode ID: a3ad25db15f60588623514ec90a7e761cfe62f1838e12f0dbc38abdeea06411e
                                                                                                                                                                                          • Instruction ID: ecb1b4d0016045c2d8ef014553948addfcb9f58549d455ea3397f7bd10a6b8ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: a3ad25db15f60588623514ec90a7e761cfe62f1838e12f0dbc38abdeea06411e
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1117361B0834340FB50B675AE553F69251DF59BC4F948036DD8D8768ADD2CD886CE60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freememsetwcslen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2332356550-0
                                                                                                                                                                                          • Opcode ID: 4b9ff6e7aa686ae237951dddcf5bd2688cc67d8365cf029270bce277d45698be
                                                                                                                                                                                          • Instruction ID: da967ae5304fe3e300b367f2b3079c0b8807f5a939a912136ace4dab50b52f36
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b9ff6e7aa686ae237951dddcf5bd2688cc67d8365cf029270bce277d45698be
                                                                                                                                                                                          • Instruction Fuzzy Hash: 85310B76F00B15C9DB00DF76C48109C7BB1FB59BA8B508526EE5C53B68DB34C491C7A0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpymemset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1297977491-0
                                                                                                                                                                                          • Opcode ID: 3e7cd3d59118b199465456136e8bc5aa6b3bf50dbcff2041c2c4c44bafb46f53
                                                                                                                                                                                          • Instruction ID: 888c3177d4fbb899de6831ea4baf00ec4057452555be3ad10cfa1e1ad0c048a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e7cd3d59118b199465456136e8bc5aa6b3bf50dbcff2041c2c4c44bafb46f53
                                                                                                                                                                                          • Instruction Fuzzy Hash: D6212776B00B8689DB20DF6AD8843ED37A1F749B9CF418126CE6C1BB59DE34C641CB40
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpymemset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1297977491-0
                                                                                                                                                                                          • Opcode ID: 28245664c572555644c21b5e65988328f64a065fd9a3e6ebb93e0ea27bb1dba2
                                                                                                                                                                                          • Instruction ID: 09542882010e31ca7bfb6a0abe132fb7451d509a177ecad1df3ab63dc37d48fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 28245664c572555644c21b5e65988328f64a065fd9a3e6ebb93e0ea27bb1dba2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9321E876B40B8689DB70DF6AD8843ED23A1E749BACF514225CE7C1BB99DE34C1418740
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • _wfopen.MSVCRT ref: 00007FF7279C43F5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 372205238-0
                                                                                                                                                                                          • Opcode ID: 4579cfcb0f3334daeaaf7b323de48acbc150d2dfa9902d64ce50903cdcd48eec
                                                                                                                                                                                          • Instruction ID: 3eb546971edc81245630be1ef1810b82a7324194bcc5c7b999535e5e73419aac
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4579cfcb0f3334daeaaf7b323de48acbc150d2dfa9902d64ce50903cdcd48eec
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4E0125171871241E9257312BE097A9C2169F4AFD4E848035EE4D5BB9ACD1CD6438F15
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3510742995-0
                                                                                                                                                                                          • Opcode ID: 8ecaa912455c69dac76f6531f9098773f1cfe53416ab283d50a917500fe93d8f
                                                                                                                                                                                          • Instruction ID: 9cfd58bd4969979a3a45308baa12de125612f1436d71a82051981b227cfe8ad9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ecaa912455c69dac76f6531f9098773f1cfe53416ab283d50a917500fe93d8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 67519537A183538FEB50DB25E948A2FB7B4FB49794F558139DA8643A84CA38D841CF10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                          • Opcode ID: 2a8ed1b94c2ecad1366225d334ccb52ec1482a7a77aeb9910e81021007b9b4bb
                                                                                                                                                                                          • Instruction ID: dff4a67fc4d2d53020c3bb314a96b299c7a88f01171ed69eaf0fc6be9dd07f00
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a8ed1b94c2ecad1366225d334ccb52ec1482a7a77aeb9910e81021007b9b4bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D313C26F0571699FB10ABA5D9403BC3BB0E706B88F90447ADE8C57794DF3C9692CB20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: 38f4e7e84bfde0e0d6dc9e7c5168d17b71f36d3212bb9a6eed58a8cdbdc102e6
                                                                                                                                                                                          • Instruction ID: ba709dc0eaf540987307e6a24137c8ef70bde5b73a3581a7723279499f0bebc4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 38f4e7e84bfde0e0d6dc9e7c5168d17b71f36d3212bb9a6eed58a8cdbdc102e6
                                                                                                                                                                                          • Instruction Fuzzy Hash: D621C431609B5346FF246B159D41B39A290EB8AB94FAC4539CD8E477D0DF38D843CB20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoadfree
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                          • API String ID: 4213687213-1453502826
                                                                                                                                                                                          • Opcode ID: c2e6d4540a4c60292076206e747f6361b7b5078f52010b4212ae047e6f9e7330
                                                                                                                                                                                          • Instruction ID: 93c3a6593fbb9519cde8c499db94ae193e625b18796518d5c40f38397913866c
                                                                                                                                                                                          • Opcode Fuzzy Hash: c2e6d4540a4c60292076206e747f6361b7b5078f52010b4212ae047e6f9e7330
                                                                                                                                                                                          • Instruction Fuzzy Hash: C402C460A0EB0790EE55FB14EFA50B4A7A5EF5B780BC4543AC48D062A5EE6CE107CF30
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                          • String ID: $BUTTON$Close$EDIT$Failed to IkuA6pOF script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                          • API String ID: 3223904152-27821387
                                                                                                                                                                                          • Opcode ID: 04f2d82e8ffba4cbe6a93567bbf6fed349d1fd3a2e228bf8f8276963421ee365
                                                                                                                                                                                          • Instruction ID: bc449c1d2395efb10bd05551be8389e6fe6d8d9b15e91adb761903c5215955cd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04f2d82e8ffba4cbe6a93567bbf6fed349d1fd3a2e228bf8f8276963421ee365
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB91BE36218B9182E7509F61E85479BB760F789BD8F54413AEE8C0BB58CF7DC446CB60
                                                                                                                                                                                          • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                          • API String ID: 1653872744-2573406579
                                                                                                                                                                                          • Opcode ID: 986c6a5c80ed7a44c127ec6f77dd0ea331600ecf95512dcf3895e6b9ac4bd1b4
                                                                                                                                                                                          • Instruction ID: 2409c6ca9fed3b1331e82e1bed52d6d8c3ab9d40fb9c2185182027afa50a5ebc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 986c6a5c80ed7a44c127ec6f77dd0ea331600ecf95512dcf3895e6b9ac4bd1b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D218131A18B0385FB60BB15FD943A6A254EB4A794FC44138E5CD466A8DF3DD547CF20
                                                                                                                                                                                          • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                          • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                          • API String ID: 384173800-1835852900
                                                                                                                                                                                          • Opcode ID: 206c5e6c475d56e5082d1760a3a3e55525d2eb39a59ca763ef62e6f150766718
                                                                                                                                                                                          • Instruction ID: 0b28c67d28405308f8584e0047c8e0d7c314c88522a785476357e24d9a690222
                                                                                                                                                                                          • Opcode Fuzzy Hash: 206c5e6c475d56e5082d1760a3a3e55525d2eb39a59ca763ef62e6f150766718
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3401D360A49F5791EA21BB15EF54074A764FB5A794FC84035C98D03264EE2CE607CF24
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Infinity$NaN
                                                                                                                                                                                          • API String ID: 0-4285296124
                                                                                                                                                                                          • Opcode ID: 49dd732ba73c5c67aaca2505ecab2ec58b3cb0d4c5d46c03a54d906a63c7fda6
                                                                                                                                                                                          • Instruction ID: c538943490721e8b9a9c2be270eb9a8183a847768658d2b97671cf9110c523ec
                                                                                                                                                                                          • Opcode Fuzzy Hash: 49dd732ba73c5c67aaca2505ecab2ec58b3cb0d4c5d46c03a54d906a63c7fda6
                                                                                                                                                                                          • Instruction Fuzzy Hash: BDE23F32A04B56CEE751EF79C9883AC77A1FB4638CF504225EA4D57B59DB38E482CB10
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                          • API String ID: 0-1186847913
                                                                                                                                                                                          • Opcode ID: 6ae3f204a7047730f165ebfb1efca1ccb982177f601677e44feb50dda4778d35
                                                                                                                                                                                          • Instruction ID: 42f98fecf06b38db8f6e60504668ce027cff5f04faa2571c628a5ec113017ed6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ae3f204a7047730f165ebfb1efca1ccb982177f601677e44feb50dda4778d35
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E51D472E187134AEB54AF24999C67E76A5E74A340F81813CDA8A87380DF38E506DF18
                                                                                                                                                                                          • API ID: memcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3510742995-0
                                                                                                                                                                                          • Opcode ID: ab0a6b18e32699958ec78ff02d5a0d2387750140b9c869829991cde5e5795802
                                                                                                                                                                                          • Instruction ID: e01aa2f10451f8a4cad3125229e794e672a828abaa7c52326f40e3c68c5b4e6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab0a6b18e32699958ec78ff02d5a0d2387750140b9c869829991cde5e5795802
                                                                                                                                                                                          • Instruction Fuzzy Hash: 10B1B772E093538EEB619B159648B3ABBA5EB4A794F45413CDF8E07B80DB39D801CF50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 1b26bf0123140294e2dd00dc6a0224186a84cfafe3d2903a4b67708c8bb276db
                                                                                                                                                                                          • Instruction ID: 0b57b2e951eb262dcabdccc21b319d952b753118b174077cbd371f8b3e229aef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b26bf0123140294e2dd00dc6a0224186a84cfafe3d2903a4b67708c8bb276db
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95D1E232A1C79286DB259F14E60027EB7A0FB89794F844139EACA53B94DB3DD946CF10
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 80cc807cd976c8b526083124d7b26f048422155ce667180b6aa220899a0a7f92
                                                                                                                                                                                          • Instruction ID: 0611c68faf780af5d142cac7771454b2ed23c69a47165341ae85e30590e6fc4a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 80cc807cd976c8b526083124d7b26f048422155ce667180b6aa220899a0a7f92
                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A12A73B252A143EE50DB2A991467ABBA2F74B7D0FC4D225DF8943788C63DE506CB10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                          • API String ID: 1294909896-4198433784
                                                                                                                                                                                          • Opcode ID: 5affd2b9d0570419eccc824255838ff871fcda4c1f659328fa8d4e96b8ff37c5
                                                                                                                                                                                          • Instruction ID: 44eb19122c901204e15c61470d159ab2007b84dd04a7dd434160ddfb8ee081f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5affd2b9d0570419eccc824255838ff871fcda4c1f659328fa8d4e96b8ff37c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DB13F25A09B4785EE00BB5AEE54179A360FF8AFC4FD44436DD8E47361EE3CE4069B24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1093732947-0
                                                                                                                                                                                          • Opcode ID: 69111d898da7320eacaf25db035532df5b6579a01d97386b8201d2364bf28e7a
                                                                                                                                                                                          • Instruction ID: 0d8c0633e0ae7f993693c56ba51a2f37c4cd722633daaaf178aca09c5e55dc6c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 69111d898da7320eacaf25db035532df5b6579a01d97386b8201d2364bf28e7a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 97A12C66B04B1688EF00ABA6DD452BC63B4FB0AB98F804539DE9D17799DF3CD4028720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$EnvironmentVariable
                                                                                                                                                                                          • String ID: %s%c%s%c%s%c%s%c%s$;$;$Error detected starting Python VM.$Failed to convert argv to wchar_t$Failed to convert progname to wchar_t$Failed to convert pyhome to wchar_t$Failed to convert pypath to wchar_t$Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!$PYTHONUTF8$\$\$base_library.zip$lib-dynload$sys.path (based on %s) exceeds buffer[%d] space
                                                                                                                                                                                          • API String ID: 471908985-2552457735
                                                                                                                                                                                          • Opcode ID: 93c8f40b40e323a4eddbdbbeff7b1b89707df63dfdc38563d94beee3a9bf8c38
                                                                                                                                                                                          • Instruction ID: 79fda2a5667d0184d855dbe2edce5069628d39eaaf0ea2d024a53977d3fe08f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93c8f40b40e323a4eddbdbbeff7b1b89707df63dfdc38563d94beee3a9bf8c38
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78617B21A0DB5781FE11BB11EE552B9A361EF8AB80FD0003AD98D073A5CE2CE5478F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C3140: strcpy.MSVCRT(?,?,_MEIPASS2,?,00007FF7279C362C), ref: 00007FF7279C3183
                                                                                                                                                                                          • strcmp.MSVCRT ref: 00007FF7279C333C
                                                                                                                                                                                          • strcmp.MSVCRT ref: 00007FF7279C335F
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fread.MSVCRT ref: 00007FF7279C7891
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: ferror.MSVCRT ref: 00007FF7279C78A1
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: clearerr.MSVCRT(?,00000000,?,00007FF7279C3267,?,00000000,?,00000000,?,?,_MEIPASS2,?,00007FF7279C362C), ref: 00007FF7279C78AD
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fclose.MSVCRT ref: 00007FF7279C78E9
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fclose.MSVCRT ref: 00007FF7279C78F1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosestrcmp$clearerrferrorfreadstrcpy
                                                                                                                                                                                          • String ID: %s%s%s$%s%s%s%s%s$%s%s%s%s%s%s%s$%s%s%s.exe$%s%s%s.pkg$Archive not found: %s$Archive path exceeds PATH_MAX$Error copying %s$Error extracting %s$Error opening archive %s$_MEIPASS2$malloc
                                                                                                                                                                                          • API String ID: 2929065527-1083822304
                                                                                                                                                                                          • Opcode ID: bc2ca2563858478ac1de4e3d09269dc08256641f6ccee1f138f8195e3d58b689
                                                                                                                                                                                          • Instruction ID: 54c29eb847c65aad61953d9d733948475ed05a14720a8a9c084ce468acf5afcd
                                                                                                                                                                                          • Opcode Fuzzy Hash: bc2ca2563858478ac1de4e3d09269dc08256641f6ccee1f138f8195e3d58b689
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B814021A08B4391FE10BB21AE441FAA264EF4ABD4FC44135ED8D476D6DE3CE5478F29
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: mbstowcsstrncmp
                                                                                                                                                                                          • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$_MEIPASS2$pyi-
                                                                                                                                                                                          • API String ID: 1807066385-1485234868
                                                                                                                                                                                          • Opcode ID: d67b039c012a96123b6d05d4575c6612e2422332ccb31e287ed74e3bea63ed2c
                                                                                                                                                                                          • Instruction ID: 61838770e1afc0f29ec323ad58141bf36f23324b0e8d770c252c9b112d4fa32e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d67b039c012a96123b6d05d4575c6612e2422332ccb31e287ed74e3bea63ed2c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 40513B21A0875785FF14BB26DE44379A261EB8AB80FD4413ACD8D47396EE3DE4438B60
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7279C712B
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C7136
                                                                                                                                                                                          • _wfullpath.MSVCRT ref: 00007FF7279C715E
                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C718D
                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 00007FF7279C71BB
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71C5
                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71D0
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71E2
                                                                                                                                                                                          • _wcsdup.MSVCRT ref: 00007FF7279C71FB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7279C7230
                                                                                                                                                                                          • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7279C7210
                                                                                                                                                                                          • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7279C7240
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateDirectorywcschr$ByteCharEnvironmentExpandMultiStringsWide_wcsdup_wfullpathfreewcslenwcsncpy
                                                                                                                                                                                          • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                          • API String ID: 274989731-3498232454
                                                                                                                                                                                          • Opcode ID: a784a2ccdf5b974730d7bf360097d753a57ed2a3a2c87cbcad924fb3019e94ca
                                                                                                                                                                                          • Instruction ID: 5d1f4b9ee27c12470ef5efa219d5bcfcbb04368532b3a783e8d03264b9dcdadf
                                                                                                                                                                                          • Opcode Fuzzy Hash: a784a2ccdf5b974730d7bf360097d753a57ed2a3a2c87cbcad924fb3019e94ca
                                                                                                                                                                                          • Instruction Fuzzy Hash: B131A011B4974749FE65B7666F193BAD181DF4EBC0FC94038DE8D0A386ED2CE4424E20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosefreadfreemalloc
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 3295367466-3659356012
                                                                                                                                                                                          • Opcode ID: 04b61aaed53d26abc259b2dfd79bee1b8f7cc99e3b87b10555203a93a6abe698
                                                                                                                                                                                          • Instruction ID: 6864d483e5919dabf587d516cebf1aa0a9a4456185b9d6a6e5c3e1df55ff8893
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04b61aaed53d26abc259b2dfd79bee1b8f7cc99e3b87b10555203a93a6abe698
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F3101A2B4975340FE04BB129E546BA9210EF2ABC8FC44036DD8D07695EE3CE947CF24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$setlocale$_strdupcalloc
                                                                                                                                                                                          • String ID: Fatal error: unable to decode the command line argument #%i$out of memory
                                                                                                                                                                                          • API String ID: 3058678114-3355598041
                                                                                                                                                                                          • Opcode ID: 5307ef456474bd391b4189da5058a7605ca23a6648b097f23b6c5bf49c481f43
                                                                                                                                                                                          • Instruction ID: 96772e2d981a999f830d8f2be875ffdfd37ddf65288394af17834f32f0253bdb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5307ef456474bd391b4189da5058a7605ca23a6648b097f23b6c5bf49c481f43
                                                                                                                                                                                          • Instruction Fuzzy Hash: EB21B121B0971341FE15B7169E8667ED251EF8AB84FE44479DD8D0B382DE3CE8438B20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$_wcsdup$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                          • API String ID: 2803985813-2699770090
                                                                                                                                                                                          • Opcode ID: 894b283773a2174c852061f409d4589e6d6b30860538c8d6f47aacc692047edb
                                                                                                                                                                                          • Instruction ID: 8f3c8624ef34ae0f04878ffbcf4d76570f26b2599961867e78c86098794e848c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 894b283773a2174c852061f409d4589e6d6b30860538c8d6f47aacc692047edb
                                                                                                                                                                                          • Instruction Fuzzy Hash: C8216435A0978345EA65FB52BD596EAA350EB8AB80FC40035EE8D47B46CE3CD0468F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlenstrncpy$callocfreememcpy
                                                                                                                                                                                          • String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                          • API String ID: 4189425833-927121926
                                                                                                                                                                                          • Opcode ID: 9440e9537093393fa07fde72080a47fe8a4b91f6a97672e9c715da9e53183fd3
                                                                                                                                                                                          • Instruction ID: a49495c6a28ac8b81f926a664b3bcb3e67f93a0b43eaf8110c74c01e90c30804
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9440e9537093393fa07fde72080a47fe8a4b91f6a97672e9c715da9e53183fd3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9241F16170875355FE14FA229E457BA9364FB4ABC4FC44138EE8D0778ADE2CE1468F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                          • Opcode ID: 5dbbb4ed8760b42e029378dd70d8568cfa1b2ea7843fc2a207ab38807a893700
                                                                                                                                                                                          • Instruction ID: e233c3c14035c28b56056a8149acc79a4325e252fcaef929c492211f1a8817f6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dbbb4ed8760b42e029378dd70d8568cfa1b2ea7843fc2a207ab38807a893700
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8941A736215BA18AD7209F36E808779B7A1F788F99F484231EE8947B58DB3CD045CF20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$mallocstrncpy$callocfreestrlenstrncat
                                                                                                                                                                                          • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                          • API String ID: 257583877-1389504347
                                                                                                                                                                                          • Opcode ID: ceb5c12e41bbbc83513cd08ef107548667bb10d338ae92542c013e7db3897054
                                                                                                                                                                                          • Instruction ID: 0876c0f3dc9808a89a119c44a7ca7cbed6559b0f29eb58d1b3928b9d71b15559
                                                                                                                                                                                          • Opcode Fuzzy Hash: ceb5c12e41bbbc83513cd08ef107548667bb10d338ae92542c013e7db3897054
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8241E472B0535356EA28FB229E455A9A751FF4ABC0F944035CF8D03786EE7CE0428B20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclose$strlen$clearerrferror$_wfopenfreadfwritestrcpystrtok
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4076046571-0
                                                                                                                                                                                          • Opcode ID: 35b7519aea37469241f8a48f18aef7e913c97daecc90e9bd6e4619fc0ac55ddc
                                                                                                                                                                                          • Instruction ID: 56213ce1badd4a50d868c15fa835d3f23aa5b3bdbe1cdd42431a57e987a6bcf0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 35b7519aea37469241f8a48f18aef7e913c97daecc90e9bd6e4619fc0ac55ddc
                                                                                                                                                                                          • Instruction Fuzzy Hash: F121FA20F0934305FD1576221F9A6BAC1858F5BBD4F880174ED9E0BBC7ED1DA8038E60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                          • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                          • API String ID: 1485978544-2115465065
                                                                                                                                                                                          • Opcode ID: b9557004f0524d262707bb7fc782d70f623bc1a5677267840b492ac58e1267dd
                                                                                                                                                                                          • Instruction ID: b032f49d5bc5ee957fa7b473e636e5e26d7892df8d629dff05714fa82247f3a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: b9557004f0524d262707bb7fc782d70f623bc1a5677267840b492ac58e1267dd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A812A76A04B468EEB14EF6ACD846AD77E0F749B88B418536EF8C43B58DB38D401CB50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                          • API String ID: 1374691127-27947307
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                          • API String ID: 1374691127-3831141058
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                          • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                          • API String ID: 4278403329-2782260415
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                          • API String ID: 1374691127-2292745976
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freestrlen
                                                                                                                                                                                          • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                          • API String ID: 322734593-568040347
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                          • API String ID: 1294909896-1126984729
                                                                                                                                                                                          • Opcode ID: 071a536408c6854c73f1d47d89c12807e57be3d30f2f68387dcde161feeef32a
                                                                                                                                                                                          • Instruction ID: 198c443777c12a94aa4e8700bb934ad2753653f305be596c511a6bd54dafdc6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 071a536408c6854c73f1d47d89c12807e57be3d30f2f68387dcde161feeef32a
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA71F736608B4786EB10AF65ED58369A360FB4AF85F944136DE8E47364DF3CD10ACB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen
                                                                                                                                                                                          • String ID: %U?%llu$Failed to append to sys.path$Installing PYZ: Could not get sys.path$path$strict$utf-8
                                                                                                                                                                                          • API String ID: 39653677-2762566162
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fwprintf$fputwc
                                                                                                                                                                                          • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                          • API String ID: 2988249585-4054516066
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: CCG
                                                                                                                                                                                          • API String ID: 0-1584390748
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3157260142-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1200242243-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7279C2C93
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00007FF7279C2CBB
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                          • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                          • API String ID: 1878133881-785100509
                                                                                                                                                                                          • Opcode ID: ceee78ea7e6e2a8cc87b84f58916f9e69fc36966f5cd7132d74df1afc3b1fc05
                                                                                                                                                                                          • Instruction ID: cb26c4268cd63428abfe224a19cc3469820a8b4f460f7b00fbfc3f1792b9692a
                                                                                                                                                                                          • Opcode Fuzzy Hash: ceee78ea7e6e2a8cc87b84f58916f9e69fc36966f5cd7132d74df1afc3b1fc05
                                                                                                                                                                                          • Instruction Fuzzy Hash: E101D23271878241EB306B22BE057AAD280E74AFD4F8880389E8D17B89CD3CD1868F10
Memory Dump Source
• Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                          • API String ID: 1532159127-1977442011
                                                                                                                                                                                          • Opcode ID: 596f9c6f4da9235583f883e7b0b9fd0a4c4344a57c1601f04a7c7c20de7fb95a
                                                                                                                                                                                          • Instruction ID: 4ace1c07ad32276954a217c892359bff30ecbf515bd9275ab64aa78441e3e7d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 596f9c6f4da9235583f883e7b0b9fd0a4c4344a57c1601f04a7c7c20de7fb95a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF06961B1874381FE517620AE093B98290EB4FBC0F8440399C8E8A295DD1CE9478F20
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$ByteCharMultiWide
                                                                                                                                                                                          • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                          • API String ID: 3219091393-982972847
                                                                                                                                                                                          • Opcode ID: 5146e6638b973cc7d9f2b4cd73b1d31541143d1c5daf1ed89efa4ef97599eaec
                                                                                                                                                                                          • Instruction ID: da2fe1c61767701c5ccd07b9e40a8de08aac0ad59852218c9ebc5e748e567aa0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5146e6638b973cc7d9f2b4cd73b1d31541143d1c5daf1ed89efa4ef97599eaec
                                                                                                                                                                                          • Instruction Fuzzy Hash: 77015E11B1975305FD2976A61E2AABAD0418F4FFD0DC85478AD8E4BB82EC2CE4034E60
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-3474627141
                                                                                                                                                                                          • Opcode ID: 3373ce9a88896e149ead81a146e17feaf05e9c69e4ebc8bac4caa7ee2df81a9f
                                                                                                                                                                                          • Instruction ID: 754cbca8959f8c4367632e32fa746320952d9501defa9f515c7e47006491fd45
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3373ce9a88896e149ead81a146e17feaf05e9c69e4ebc8bac4caa7ee2df81a9f
                                                                                                                                                                                          • Instruction Fuzzy Hash: F1214926A04F858AE7119F68D8853E9B371FF5A798F844622EE8C17724EF38D256C700
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message_errno
                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                          • API String ID: 1796756983-2410924014
                                                                                                                                                                                          • Opcode ID: ea340565870959be23fb6e9e11d4bee739c2d59d1fadefcf5973dfefa03d1205
                                                                                                                                                                                          • Instruction ID: 82a2112a568cfb11b392eddf8497ff25e966bf6160c73cf63c355d0f117efed8
                                                                                                                                                                                          • Opcode Fuzzy Hash: ea340565870959be23fb6e9e11d4bee739c2d59d1fadefcf5973dfefa03d1205
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2101712261C78281E620BB21B9407DAA254FB8ABC0F904135DACC13759CE3CD657CF50
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4064033741
                                                                                                                                                                                          • Opcode ID: d91acc19fd03cae2b415eab986baa786b13cfab678dc1a4e10472f462256fc53
                                                                                                                                                                                          • Instruction ID: 3b9b4797f6dbb7ffe17619dcba9855e5368c3d1f46e4207421551f63ba445db6
                                                                                                                                                                                          • Opcode Fuzzy Hash: d91acc19fd03cae2b415eab986baa786b13cfab678dc1a4e10472f462256fc53
                                                                                                                                                                                          • Instruction Fuzzy Hash: CC01BC26A04F858AD7019F29D8802AAB731FF4EB98F444726EF8C27764DF28C145C710
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2468659920
Memory Dump Source
• Source File: 00000000.00000002.2150862297.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
• Associated: 00000000.00000002.2150839179.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150891005.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150912473.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150933706.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150950648.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150969367.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2150985242.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4283191376
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2713391170
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4273532761
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2187435201
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:1.6%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:8.3%
                                                                                                                                                                                          Total number of Nodes:1124
                                                                                                                                                                                          Total number of Limit Nodes:75
malloc 60889 7ff7279c1c52 60885->60889 60890 7ff7279c1b3f 60885->60890 60886 7ff7279c1c38 60955 7ff7279c2e50 11 API calls 60886->60955 60954 7ff7279c2cd0 10 API calls 60887->60954 60956 7ff7279c2e50 11 API calls 60889->60956 60893 7ff7279c1bd0 60890->60893 60894 7ff7279c1b4b 60890->60894 60923 7ff7279c1710 60893->60923 60897 7ff7279c1b60 fread 60894->60897 60898 7ff7279c1b53 60894->60898 60895 7ff7279c1c21 60895->60862 60900 7ff7279c1b86 60897->60900 60901 7ff7279c1b58 60897->60901 60902 7ff7279c1bb2 fclose 60898->60902 60903 7ff7279c1bbf 60898->60903 60899 7ff7279c1be1 60899->60898 60905 7ff7279c1b9e free 60899->60905 60953 7ff7279c2e50 11 API calls 60900->60953 60901->60897 60901->60898 60902->60903 60903->60862 60905->60898 60992 7ff7279cf490 60906->60992 60911 7ff7279c2260 60909->60911 60910 7ff7279c228b 60910->60873 60911->60910 60913 7ff7279c22b6 60911->60913 61000 7ff7279c2cd0 10 API calls 60911->61000 60913->60873 60914->60862 60915->60865 60916->60865 60917->60877 60918->60854 60919->60867 60957 7ff7279cf310 60920->60957 60963 7ff7279c8af0 60923->60963 60925 7ff7279c1779 60926 7ff7279c1783 malloc 60925->60926 60927 7ff7279c19fb 60925->60927 60928 7ff7279c1a52 60926->60928 60929 7ff7279c1799 malloc 60926->60929 60973 7ff7279c2cd0 10 API calls 60927->60973 60975 7ff7279c2e50 11 API calls 60928->60975 60932 7ff7279c1a3b 60929->60932 60944 7ff7279c17af 60929->60944 60974 7ff7279c2e50 11 API calls 60932->60974 60934 7ff7279c17b3 fread 60935 7ff7279c18f5 60934->60935 60936 7ff7279c17db ferror 60934->60936 60967 7ff7279ca980 60935->60967 60936->60935 60936->60944 60940 7ff7279c18c4 60940->60935 60972 7ff7279c2cd0 10 API calls 60940->60972 60941 7ff7279c1852 fwrite 60942 7ff7279c187a ferror 60941->60942 60943 7ff7279c19ed 60941->60943 60942->60943 60946 7ff7279c188f 60942->60946 60943->60940 60944->60934 60944->60935 60944->60940 60944->60941 60971 7ff7279c8ba0 memcpy memcpy memcpy 60944->60971 60946->60944 60948 7ff7279c43bd 60947->60948 60976 7ff7279c8220 
60948->60976 60951 7ff7279c8220 10 API calls 60952 7ff7279c43ef _wfopen 60951->60952 60952->60884 60953->60905 60954->60895 60955->60895 60956->60898 60958 7ff7279cf356 60957->60958 60962 7ff7279cf32a 60957->60962 60959 7ff7279cf398 _errno 60958->60959 60958->60962 60961 7ff7279c1b1e 60959->60961 60960 7ff7279cf3aa fsetpos 60960->60961 60961->60885 60961->60886 60962->60960 60962->60961 60964 7ff7279c8a00 60963->60964 60965 7ff7279c8a4e malloc 60964->60965 60966 7ff7279c8a63 60964->60966 60965->60966 60966->60925 60968 7ff7279ca98b 60967->60968 60969 7ff7279ca9a1 free 60968->60969 60970 7ff7279c1902 free free 60968->60970 60969->60970 60970->60899 60971->60944 60972->60935 60973->60944 60974->60928 60975->60928 60977 7ff7279c8233 60976->60977 60978 7ff7279c8270 MultiByteToWideChar 60976->60978 60979 7ff7279c823d MultiByteToWideChar 60977->60979 60980 7ff7279c82a5 calloc 60978->60980 60981 7ff7279c82f8 60978->60981 60982 7ff7279c82d8 60979->60982 60987 7ff7279c43de 60979->60987 60980->60979 60983 7ff7279c82bb 60980->60983 60991 7ff7279c2db0 10 API calls 60981->60991 60990 7ff7279c2db0 10 API calls 60982->60990 60989 7ff7279c2db0 10 API calls 60983->60989 60987->60951 60988 7ff7279c82d0 60988->60987 60989->60988 60990->60987 60991->60987 60993 7ff7279cf4b2 60992->60993 60994 7ff7279cf4db 60992->60994 60998 7ff7279d1605 fputc 60993->60998 60999 7ff7279d1605 fputc 60994->60999 60997 7ff7279c30cd 60997->60862 60998->60997 60999->60997 61000->60911 61177 7ff7279c10f6 61180 7ff7279c1154 61177->61180 61181 7ff7279c118b 61180->61181 61182 7ff7279c11f1 _amsg_exit 61181->61182 61183 7ff7279c11fd 61181->61183 61184 7ff7279c1232 61182->61184 61183->61184 61185 7ff7279c120a _initterm 61183->61185 61186 7ff7279c124a _initterm 61184->61186 61187 7ff7279c1270 61184->61187 61185->61184 61186->61187 61196 7ff7279c147c 61187->61196 61189 7ff7279c1309 61201 7ff7279ccbb0 61189->61201 61192 7ff7279c1350 exit 61193 7ff7279c135d 61192->61193 61194 7ff7279c1367 _cexit 61193->61194 61195 
7ff7279c1117 61193->61195 61194->61195 61197 7ff7279c14a2 61196->61197 61198 7ff7279c1558 61197->61198 61199 7ff7279c14bd 61197->61199 61198->61189 61200 7ff7279c14dc malloc memcpy 61199->61200 61200->61197 61204 7ff7279ccbd6 61201->61204 61202 7ff7279ccc58 memset 61203 7ff7279ccc7f 61202->61203 61207 7ff7279c16d0 61203->61207 61204->61202 61278 7ff7279c8170 61207->61278 61209 7ff7279c16f3 61286 7ff7279c21b0 calloc 61209->61286 61214 7ff7279c3b9a 61258 7ff7279c3e43 61214->61258 61301 7ff7279c6fc0 61214->61301 61219 7ff7279c3be7 61222 7ff7279c3d50 61219->61222 61223 7ff7279c3bf3 61219->61223 61220 7ff7279c3fea fclose 61220->61258 61221 7ff7279c20b0 41 API calls 61244 7ff7279c3c4e 61221->61244 61225 7ff7279c70b0 12 API calls 61222->61225 61224 7ff7279c6fc0 15 API calls 61223->61224 61227 7ff7279c3bff 61224->61227 61228 7ff7279c3d58 61225->61228 61226 7ff7279c2cd0 10 API calls 61226->61258 61230 7ff7279c3c38 61227->61230 61234 7ff7279c3f00 61227->61234 61235 7ff7279c3c1b free 61227->61235 61231 7ff7279c20b0 41 API calls 61228->61231 61229 7ff7279c8220 10 API calls 61229->61244 61309 7ff7279c70b0 61230->61309 61233 7ff7279c3d66 61231->61233 61233->61234 61237 7ff7279c3d6e 61233->61237 61240 7ff7279c20b0 41 API calls 61234->61240 61239 7ff7279c70b0 12 API calls 61235->61239 61236 7ff7279c3c40 61312 7ff7279c20b0 61236->61312 61340 7ff7279c3520 10 API calls 61237->61340 61238 7ff7279c3c90 SetDllDirectoryW 61323 7ff7279c6170 calloc 61238->61323 61239->61230 61255 7ff7279c3d84 61240->61255 61244->61221 61244->61229 61244->61238 61256 7ff7279c3cf1 strcpy 61244->61256 61244->61258 61336 7ff7279c61b0 free free free free 61244->61336 61337 7ff7279c3b20 fputc 61244->61337 61245 7ff7279c3e3e 61246 7ff7279c6170 12 API calls 61245->61246 61246->61258 61248 7ff7279c43b0 11 API calls 61248->61255 61250 7ff7279c3cb9 strcmp 61250->61244 61251 7ff7279c3d0a 61250->61251 61327 7ff7279c3aa0 61251->61327 61252 7ff7279c61b0 free free free free 61252->61258 61255->61220 61255->61245 
61255->61248 61255->61258 61341 7ff7279c7d40 malloc 61255->61341 61350 7ff7279c3520 10 API calls 61255->61350 61256->61251 61258->61220 61258->61226 61258->61244 61258->61250 61258->61252 61267 7ff7279c3eb2 61258->61267 61351 7ff7279c5cc0 43 API calls 61258->61351 61352 7ff7279c3580 138 API calls 61258->61352 61353 7ff7279c7050 13 API calls 61258->61353 61358 7ff7279c5ee0 122 API calls 61258->61358 61359 7ff7279c6100 43 API calls 61258->61359 61360 7ff7279c6310 FreeLibrary 61258->61360 61362 7ff7279c6430 11 API calls 61258->61362 61259 7ff7279c3d1a 61338 7ff7279c6310 FreeLibrary 61259->61338 61263 7ff7279c3d2e 61339 7ff7279c61b0 free free free free 61263->61339 61266 7ff7279c1340 61266->61192 61266->61193 61354 7ff7279c79a0 24 API calls 61267->61354 61269 7ff7279c3ec8 61355 7ff7279c6310 FreeLibrary 61269->61355 61271 7ff7279c3ed4 61356 7ff7279c61b0 free free free free 61271->61356 61273 7ff7279c3ede 61274 7ff7279c3eeb 61273->61274 61361 7ff7279c7470 30 API calls 61273->61361 61357 7ff7279c21f0 free fclose 61274->61357 61277 7ff7279c3ef3 61277->61266 61279 7ff7279c818e 61278->61279 61280 7ff7279c81e9 61279->61280 61281 7ff7279c819a 61279->61281 61280->61209 61281->61280 61283 7ff7279c81c1 61281->61283 61363 7ff7279c8050 13 API calls 61281->61363 61284 7ff7279c81d0 free 61283->61284 61284->61284 61285 7ff7279c81e1 free 61284->61285 61285->61280 61287 7ff7279c21c8 61286->61287 61288 7ff7279c21cd 61286->61288 61287->61258 61290 7ff7279c42f0 61287->61290 61364 7ff7279c2e50 11 API calls 61288->61364 61365 7ff7279ce240 61290->61365 61292 7ff7279c42fc GetModuleFileNameW 61293 7ff7279c4348 61292->61293 61294 7ff7279c431c 61292->61294 61368 7ff7279c2db0 10 API calls 61293->61368 61367 7ff7279c8050 13 API calls 61294->61367 61297 7ff7279c432d 61298 7ff7279c433a 61297->61298 61369 7ff7279c2cd0 10 API calls 61297->61369 61298->61214 61300 7ff7279c436c 61300->61298 61302 7ff7279c6fcb 61301->61302 61303 7ff7279c8220 10 API calls 61302->61303 61304 7ff7279c6fe0 
GetEnvironmentVariableW 61303->61304 61305 7ff7279c6ff6 61304->61305 61306 7ff7279c7008 ExpandEnvironmentStringsW 61304->61306 61305->61219 61370 7ff7279c8050 13 API calls 61306->61370 61308 7ff7279c702c 61308->61219 61308->61305 61310 7ff7279c8220 10 API calls 61309->61310 61311 7ff7279c70c3 SetEnvironmentVariableW free 61310->61311 61311->61236 61371 7ff7279c1a80 61312->61371 61315 7ff7279c20df 61315->61244 61316 7ff7279c1a80 fputc 61317 7ff7279c210b 61316->61317 61317->61315 61374 7ff7279c4040 61317->61374 61322 7ff7279c2158 fclose 61322->61315 61324 7ff7279c6188 61323->61324 61325 7ff7279c618d 61323->61325 61324->61244 61441 7ff7279c2e50 11 API calls 61325->61441 61442 7ff7279c51d0 61327->61442 61335 7ff7279c3adb 61335->61259 61336->61250 61337->61244 61338->61263 61339->61266 61340->61255 61342 7ff7279c7e29 free 61341->61342 61343 7ff7279c7d6f 61341->61343 61342->61255 61345 7ff7279cf2d0 2 API calls 61343->61345 61346 7ff7279c7d7f 61345->61346 61346->61342 61587 7ff7279cf3c0 61346->61587 61348 7ff7279cf2d0 2 API calls 61349 7ff7279c7d8f 61348->61349 61349->61342 61349->61348 61350->61255 61351->61258 61352->61258 61353->61258 61354->61269 61355->61271 61356->61273 61357->61277 61358->61258 61359->61258 61360->61258 61361->61274 61362->61258 61363->61281 61364->61287 61366 7ff7279ce24f 61365->61366 61366->61292 61366->61366 61367->61297 61368->61298 61369->61300 61370->61308 61372 7ff7279cf490 fputc 61371->61372 61373 7ff7279c1aa4 61372->61373 61373->61315 61373->61316 61375 7ff7279c404c 61374->61375 61411 7ff7279c4010 61375->61411 61380 7ff7279c4010 fputc 61381 7ff7279c2124 strcpy 61380->61381 61382 7ff7279c1e80 61381->61382 61383 7ff7279c2020 61382->61383 61384 7ff7279c1e96 61382->61384 61386 7ff7279c43b0 11 API calls 61383->61386 61385 7ff7279c7d40 5 API calls 61384->61385 61388 7ff7279c200c 61384->61388 61387 7ff7279c1ec0 61385->61387 61386->61384 61387->61388 61389 7ff7279cf2d0 2 API calls 61387->61389 61388->61315 61388->61322 61390 7ff7279c1ed9 
61389->61390 61391 7ff7279c1ee1 fread 61390->61391 61392 7ff7279c2085 61390->61392 61394 7ff7279c1f01 61391->61394 61395 7ff7279c2048 61391->61395 61439 7ff7279c2e50 11 API calls 61392->61439 61397 7ff7279cf2d0 2 API calls 61394->61397 61436 7ff7279c2e50 11 API calls 61395->61436 61398 7ff7279c1f4b malloc 61397->61398 61399 7ff7279c209a 61398->61399 61400 7ff7279c1f67 fread 61398->61400 61440 7ff7279c2e50 11 API calls 61399->61440 61401 7ff7279c2062 61400->61401 61402 7ff7279c1f81 ferror 61400->61402 61437 7ff7279c2e50 11 API calls 61401->61437 61404 7ff7279c2077 61402->61404 61407 7ff7279c1f9f 61402->61407 61438 7ff7279c2cd0 10 API calls 61404->61438 61410 7ff7279c1ff3 61407->61410 61435 7ff7279c2cd0 10 API calls 61407->61435 61408 7ff7279c2000 fclose 61408->61388 61410->61388 61410->61408 61412 7ff7279cf490 fputc 61411->61412 61413 7ff7279c4034 61412->61413 61413->61381 61414 7ff7279ce5f0 61413->61414 61415 7ff7279ce614 61414->61415 61416 7ff7279ce62f setlocale 61415->61416 61417 7ff7279ce61f _strdup 61415->61417 61418 7ff7279cea7b wcstombs realloc wcstombs setlocale free 61416->61418 61419 7ff7279ce64e 61416->61419 61417->61416 61420 7ff7279c4082 61418->61420 61419->61418 61421 7ff7279ce65d mbstowcs 61419->61421 61420->61380 61422 7ff7279ce240 61421->61422 61423 7ff7279ce6b6 mbstowcs 61422->61423 61424 7ff7279ce704 61423->61424 61425 7ff7279ce76b 61423->61425 61424->61425 61427 7ff7279ce745 setlocale free 61424->61427 61426 7ff7279cea71 61425->61426 61428 7ff7279ce79b 61425->61428 61426->61418 61427->61420 61429 7ff7279ce81a wcstombs realloc wcstombs 61428->61429 61432 7ff7279ce81f wcstombs 61428->61432 61431 7ff7279cea4e setlocale free 61429->61431 61431->61420 61432->61431 61434 7ff7279ce9a5 61432->61434 61434->61431 61435->61407 61436->61388 61437->61388 61438->61388 61439->61388 61440->61388 61441->61324 61443 7ff7279c51de 61442->61443 61518 7ff7279c4f60 61443->61518 61446 7ff7279c5210 61448 7ff7279c521f 61446->61448 61451 7ff7279c40e0 4 API calls 
61446->61451 61447 7ff7279c52e7 61543 7ff7279c2cd0 10 API calls 61447->61543 61521 7ff7279c40e0 61448->61521 61453 7ff7279c5289 61451->61453 61452 7ff7279c3aad 61452->61335 61468 7ff7279c5550 61452->61468 61455 7ff7279c528e 61453->61455 61542 7ff7279c2cd0 10 API calls 61453->61542 61454 7ff7279c5234 61456 7ff7279c5239 61454->61456 61541 7ff7279c2cd0 10 API calls 61454->61541 61534 7ff7279c4210 61455->61534 61531 7ff7279c7930 61456->61531 61462 7ff7279c5241 61463 7ff7279c5309 61462->61463 61464 7ff7279c524d 61462->61464 61544 7ff7279c2db0 10 API calls 61463->61544 61540 7ff7279c4410 65 API calls 61464->61540 61466 7ff7279c7930 12 API calls 61466->61448 61469 7ff7279c6fc0 15 API calls 61468->61469 61472 7ff7279c5566 61469->61472 61470 7ff7279c5586 61471 7ff7279c8220 10 API calls 61470->61471 61473 7ff7279c55d2 61471->61473 61472->61470 61575 7ff7279c2d40 10 API calls 61472->61575 61475 7ff7279c579c 61473->61475 61476 7ff7279c55db 61473->61476 61579 7ff7279c2cd0 10 API calls 61475->61579 61478 7ff7279c8220 10 API calls 61476->61478 61479 7ff7279c5606 61478->61479 61480 7ff7279c560f 61479->61480 61481 7ff7279c57b8 61479->61481 61483 7ff7279c4f60 fputc 61480->61483 61581 7ff7279c2cd0 10 API calls 61481->61581 61484 7ff7279c567b 61483->61484 61485 7ff7279c5686 61484->61485 61486 7ff7279c5777 61484->61486 61488 7ff7279c8220 10 API calls 61485->61488 61577 7ff7279c2cd0 10 API calls 61486->61577 61489 7ff7279c569e 61488->61489 61490 7ff7279c57aa 61489->61490 61492 7ff7279c56a7 61489->61492 61580 7ff7279c2cd0 10 API calls 61490->61580 61558 7ff7279c4fb0 61492->61558 61493 7ff7279c3ac3 61493->61335 61507 7ff7279c57d0 strlen 61493->61507 61496 7ff7279c56cd 61574 7ff7279c8320 13 API calls 61496->61574 61498 7ff7279c56eb 61499 7ff7279c56f7 61498->61499 61500 7ff7279c578e 61498->61500 61503 7ff7279c5732 free 61499->61503 61504 7ff7279c5720 free 61499->61504 61578 7ff7279c2cd0 10 API calls 61500->61578 61502 7ff7279c579a 61502->61493 61505 7ff7279c5743 61503->61505 61504->61503 
61504->61504 61505->61493 61576 7ff7279c2cd0 10 API calls 61505->61576 61508 7ff7279c580d 61507->61508 61509 7ff7279c58f9 61508->61509 61516 7ff7279c5819 61508->61516 61586 7ff7279c2cd0 10 API calls 61509->61586 61511 7ff7279c3acf 61511->61335 61517 7ff7279c59e0 11 API calls 61511->61517 61512 7ff7279c1af0 31 API calls 61512->61516 61515 7ff7279c58c1 free 61515->61516 61516->61511 61516->61512 61516->61515 61584 7ff7279c1ab0 10 API calls 61516->61584 61585 7ff7279c2cd0 10 API calls 61516->61585 61517->61335 61519 7ff7279cf490 fputc 61518->61519 61520 7ff7279c4f78 61519->61520 61520->61446 61520->61447 61522 7ff7279c4010 fputc 61521->61522 61523 7ff7279c4101 61522->61523 61524 7ff7279c4178 61523->61524 61525 7ff7279c4124 strlen 61523->61525 61524->61454 61525->61524 61526 7ff7279c4139 61525->61526 61527 7ff7279c4160 61526->61527 61528 7ff7279c4149 strncat 61526->61528 61530 7ff7279c4165 strlen 61527->61530 61529 7ff7279c414e 61528->61529 61529->61454 61530->61529 61532 7ff7279c8220 10 API calls 61531->61532 61533 7ff7279c7943 LoadLibraryExW free 61532->61533 61533->61462 61535 7ff7279c421b 61534->61535 61536 7ff7279c8220 10 API calls 61535->61536 61537 7ff7279c4234 61536->61537 61545 7ff7279cf1cb 61537->61545 61540->61452 61541->61456 61542->61455 61543->61452 61544->61452 61552 7ff7279cefe0 61545->61552 61547 7ff7279cf1e7 61548 7ff7279cf214 61547->61548 61549 7ff7279cf208 free 61547->61549 61550 7ff7279c4241 61548->61550 61551 7ff7279cf21a memset 61548->61551 61549->61548 61550->61448 61550->61466 61551->61550 61553 7ff7279cefff 61552->61553 61556 7ff7279cf041 61552->61556 61554 7ff7279cf00f wcslen 61553->61554 61553->61556 61554->61556 61557 7ff7279cf024 61554->61557 61555 7ff7279cf176 malloc memcpy 61555->61556 61556->61547 61557->61555 61557->61556 61559 7ff7279c4fc4 61558->61559 61560 7ff7279c5062 strncmp 61559->61560 61562 7ff7279c50d8 61559->61562 61563 7ff7279c508a mbstowcs 61559->61563 61567 7ff7279c50dd 61559->61567 61582 7ff7279c1ab0 10 API calls 
61559->61582 61560->61559 61566 7ff7279c512b _setmode 61562->61566 61562->61567 61563->61559 61564 7ff7279c51b6 61563->61564 61583 7ff7279c2cd0 10 API calls 61564->61583 61568 7ff7279c5142 _fileno _setmode 61566->61568 61567->61496 61569 7ff7279c515a fflush 61568->61569 61570 7ff7279c5169 fflush 61569->61570 61571 7ff7279c5175 61570->61571 61572 7ff7279c5186 setbuf 61571->61572 61573 7ff7279c5197 setbuf 61572->61573 61573->61567 61574->61498 61575->61470 61576->61493 61577->61493 61578->61502 61579->61493 61580->61493 61581->61493 61582->61559 61583->61567 61584->61516 61585->61516 61586->61511 61590 7ff7279cf3e0 fgetpos 61587->61590 61591 7ff7279cf3d8 61590->61591 61591->61349 61592 7ff8a8711bef 61593 7ff8a8734940 61592->61593 61594 7ff8a8734964 ERR_put_error 61593->61594 61596 7ff8a8734994 61593->61596 61595 7ff8a8734982 61594->61595 61596->61595 61597 7ff8a8734a18 CRYPTO_zalloc 61596->61597 61598 7ff8a87349b2 ERR_put_error 61596->61598 61599 7ff8a87349d4 ERR_put_error 61597->61599 61600 7ff8a8734a37 CRYPTO_THREAD_lock_new 61597->61600 61598->61599 61602 7ff8a8734a01 61599->61602 61604 7ff8a8734ab8 61600->61604 61605 7ff8a8734a7e ERR_put_error CRYPTO_free 61600->61605 61604->61599 61606 7ff8a8734ade OPENSSL_LH_new 61604->61606 61605->61602 61606->61599 61607 7ff8a8734afe 61606->61607 61607->61599 61626 7ff8a87117ee 61607->61626 61609 7ff8a8734b34 61609->61599 61610 7ff8a8734b71 OPENSSL_sk_num 61609->61610 61610->61599 61611 7ff8a8734b82 61610->61611 61611->61599 61612 7ff8a8734b97 EVP_get_digestbyname 61611->61612 61612->61599 61613 7ff8a8734bbf EVP_get_digestbyname 61612->61613 61613->61599 61614 7ff8a8734be7 OPENSSL_sk_new_null 61613->61614 61614->61599 61615 7ff8a8734bfc OPENSSL_sk_new_null 61614->61615 61615->61599 61616 7ff8a8734c11 CRYPTO_new_ex_data 61615->61616 61616->61599 61622 7ff8a8734c2d 61616->61622 61617 7ff8a8734c6d RAND_bytes 61618 7ff8a8734c98 RAND_priv_bytes 61617->61618 61619 7ff8a8734cc6 61617->61619 61618->61619 61620 7ff8a8734cad 
RAND_priv_bytes 61618->61620 61621 7ff8a8734cd0 RAND_priv_bytes 61619->61621 61620->61619 61620->61621 61621->61599 61623 7ff8a8734ce9 61621->61623 61622->61599 61622->61617 61623->61599 61624 7ff8a8734cf9 61623->61624 61632 7ff8a8711438 7 API calls 61624->61632 61626->61609 61627 7ff8a872d480 61626->61627 61633 7ff8a872dcb0 OPENSSL_sk_new_null OPENSSL_sk_free OPENSSL_sk_free 61627->61633 61629 7ff8a872d49f 61630 7ff8a872d4bb 61629->61630 61634 7ff8a8731070 12 API calls 61629->61634 61630->61609 61632->61602 61633->61629 61634->61630 61635 66f86560 PySys_GetObject 61636 66f8658f PyTuple_GetItem 61635->61636 61637 66f86bb7 61635->61637 61636->61637 61638 66f865a6 PyLong_AsLong PyTuple_GetItem 61636->61638 61638->61637 61639 66f865cb PyLong_AsLong PySys_GetObject 61638->61639 61640 66f865f2 GetProcAddress GetProcAddress GetProcAddress PyModule_Create2 61639->61640 61641 66f865e6 PyLong_AsVoidPtr 61639->61641 61640->61637 61642 66f86686 PyModule_GetName 61640->61642 61641->61640 61642->61637 61643 66f8669b strrchr 61642->61643 61644 66f866b8 malloc 61643->61644 61645 66f866ef 61643->61645 61644->61645 61646 66f866d2 memcpy 61644->61646 61647 66f86de0 61645->61647 61648 66f8670e 61645->61648 61646->61645 61649 66f87547 exit 61647->61649 61664 66f86a13 61647->61664 61859 66f813c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 61647->61859 61650 66f87289 61648->61650 61651 66f86723 PyBytes_FromStringAndSize 61648->61651 61652 66f87299 61650->61652 61653 66f873c7 61650->61653 61655 66f86741 PyBytes_AsString 61651->61655 61690 66f86bb1 61651->61690 61652->61649 61862 66f813c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 61652->61862 61863 66f81660 13 API calls 61653->61863 61659 66f8675a malloc 61655->61659 61660 66f86bd0 61655->61660 61656 66f86e10 61662 66f86e1c PyErr_Format 61656->61662 61656->61664 61657 66f86a2e 61674 66f87264 61657->61674 61657->61690 61770 66f9eed0 61657->61770 61658 66f86be6 _Py_Dealloc 
61658->61637 61659->61660 61665 66f86771 PyCFunction_NewEx 61659->61665 61670 66f86bda _Py_Dealloc 61660->61670 61660->61690 61672 66f86e50 61662->61672 61664->61657 61666 66f872b9 PyErr_Format 61664->61666 61664->61674 61680 66f8750d 61664->61680 61668 66f86bf1 61665->61668 61669 66f867b6 PyCFunction_NewEx 61665->61669 61684 66f872ef 61666->61684 61676 66f86bff 61668->61676 61677 66f86d30 _Py_Dealloc 61668->61677 61669->61668 61675 66f867f9 PyCFunction_NewEx 61669->61675 61670->61637 61670->61658 61685 66f86e6b PyBytes_AsStringAndSize 61672->61685 61672->61690 61673 66f86a53 61811 66f9f730 61673->61811 61675->61668 61681 66f8683c PyBytes_FromStringAndSize 61675->61681 61676->61660 61677->61664 61871 66f81660 13 API calls 61680->61871 61683 66f8686d PyBytes_AsString 61681->61683 61681->61690 61688 66f93b40 61683->61688 61691 66f87300 61684->61691 61692 66f87442 61684->61692 61685->61690 61713 66f86e87 61685->61713 61686 66f874d5 61870 66f81660 13 API calls 61686->61870 61687 66f86aa6 61694 66f86ab2 61687->61694 61695 66f874b7 61687->61695 61696 66f8694b _time64 srand 61688->61696 61690->61637 61690->61658 61691->61649 61721 66f87313 61691->61721 61866 66f880b0 7 API calls 61692->61866 61700 66f86c05 malloc 61694->61700 61705 66f86b4b 61694->61705 61706 66f86af0 strstr 61694->61706 61869 66f81660 13 API calls 61695->61869 61848 66f9d4d0 __iob_func abort 61696->61848 61699 66f86ee2 61699->61692 61711 66f86f09 memcpy 61699->61711 61701 66f874f9 _errno 61700->61701 61702 66f86c20 61700->61702 61714 66f87410 61701->61714 61855 66f87d60 memcpy strlen memcpy __iob_func abort 61702->61855 61703 66f86985 61703->61684 61849 66f9d940 10 API calls 61703->61849 61704 66f86ec5 61860 66f880b0 7 API calls 61704->61860 61709 66f86b5c 61705->61709 61710 66f874f0 61705->61710 61706->61705 61715 66f86b0c 61706->61715 61709->61649 61717 66f86b73 61709->61717 61710->61701 61711->61664 61720 66f86f1f _Py_Dealloc 61711->61720 61713->61699 61713->61704 61864 66f87fb0 8 API calls 
61714->61864 61715->61705 61722 66f86b27 strncmp 61715->61722 61716 66f86c43 61856 66ffe8b0 __iob_func abort 61716->61856 61854 66f813c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 61717->61854 61720->61664 61723 66f87333 PyErr_Format 61721->61723 61722->61700 61722->61705 61723->61690 61725 66f8741a _errno 61725->61690 61727 66f8699a 61727->61684 61850 66f9d6b0 10 API calls 61727->61850 61728 66f86c5f 61730 66f87427 61728->61730 61731 66f86c67 61728->61731 61729 66f86b80 61732 66f8746c 61729->61732 61733 66f86b8c PyErr_Format 61729->61733 61865 66f81660 13 API calls 61730->61865 61736 66f86c79 malloc 61731->61736 61737 66f86c74 free 61731->61737 61867 66f81660 13 API calls 61732->61867 61733->61690 61739 66f87401 _errno 61736->61739 61740 66f86c96 memcpy 61736->61740 61737->61736 61738 66f869af 61738->61684 61851 66f9d0e0 10 API calls 61738->61851 61739->61714 61742 66f86f50 61740->61742 61743 66f86cb7 61740->61743 61742->61649 61766 66f87353 61742->61766 61861 66f813c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 61742->61861 61745 66f86cbd 61743->61745 61746 66f86d70 61743->61746 61750 66f86cd2 free 61745->61750 61751 66f86cd7 malloc 61745->61751 61762 66f86d06 61745->61762 61746->61649 61746->61766 61858 66f813c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 61746->61858 61747 66f869c4 61748 66f87499 61747->61748 61749 66f869d2 61747->61749 61868 66f81660 13 API calls 61748->61868 61852 66f9d380 10 API calls 61749->61852 61750->61751 61758 66f87533 _errno 61751->61758 61759 66f86cf4 memcpy 61751->61759 61755 66f86d0e 61755->61690 61769 66f86d16 61755->61769 61757 66f869de 61757->61732 61853 66f9d230 10 API calls 61757->61853 61758->61714 61759->61762 61760 66f86f81 61761 66f86f8d PyErr_Format 61760->61761 61760->61766 61761->61690 61762->61755 61857 66f84050 exit 61762->61857 61763 66f86da1 61765 66f86dad PyErr_Format 61763->61765 61763->61766 61765->61690 61766->61666 
61768 66f869f8 61768->61664 61768->61672 61768->61680 61769->61637 61771 66f9f34c 61770->61771 61772 66f9eef0 61770->61772 61879 66f9d070 __iob_func abort 61771->61879 61774 66f9f333 61772->61774 61775 66f9ef0b 61772->61775 61776 66f9f31a 61772->61776 61878 66f9d070 __iob_func abort 61774->61878 61784 66f86a4b 61775->61784 61785 66f9ef65 calloc 61775->61785 61877 66f9d070 __iob_func abort 61776->61877 61784->61653 61784->61673 61788 66f9ef84 61785->61788 61795 66f9f068 61785->61795 61872 66fa1c30 6 API calls 61788->61872 61792 66f9efba 61793 66f9efbe 61792->61793 61794 66f9f030 61792->61794 61873 66fa1ac0 __iob_func abort calloc free 61793->61873 61874 66fa1ac0 __iob_func abort calloc free 61794->61874 61798 66f9f290 61795->61798 61799 66f9f123 61795->61799 61806 66f9f014 61795->61806 61798->61806 61876 66fa1ac0 __iob_func abort calloc free 61798->61876 61799->61806 61875 66fa1ac0 __iob_func abort calloc free 61799->61875 61800 66f9f01e free 61800->61784 61806->61800 61812 66f9f9cb 61811->61812 61813 66f9f76f 61811->61813 61884 66f9d070 __iob_func abort 61812->61884 61815 66f9f9b2 61813->61815 61818 66f9f999 61813->61818 61820 66f9f78a 61813->61820 61821 66f9f980 61813->61821 61883 66f9d070 __iob_func abort 61815->61883 61817 66f9f9e4 memcmp 61819 66f9f8ee free 61817->61819 61847 66f9f9fa 61817->61847 61882 66f9d070 __iob_func abort 61818->61882 61823 66f9f8f6 free 61819->61823 61825 66f86a9e 61820->61825 61828 66f9f804 malloc 61820->61828 61881 66f9d070 __iob_func abort 61821->61881 61827 66f9f905 61823->61827 61825->61686 61825->61687 61826 66fa36f0 21 API calls 61826->61827 61827->61823 61827->61826 61828->61825 61829 66f9f81b 61828->61829 61829->61823 61830 66f9f85a free 61829->61830 61831 66f9f86e 61829->61831 61830->61825 61831->61827 61832 66f9f877 malloc 61831->61832 61832->61823 61833 66f9f8a9 61832->61833 61880 66fa3f80 memcpy 61833->61880 61835 66f9f8d8 61835->61819 61836 66f9f951 61835->61836 61837 66f9f8e3 61835->61837 61836->61827 61885 66fa1010 
__iob_func abort 61836->61885 61837->61817 61837->61819 61839 66f9fb01 61840 66f9fb4b 61839->61840 61886 66fa1010 __iob_func abort 61839->61886 61842 66f9fbed free 61840->61842 61843 66f9fb6f 61840->61843 61843->61819 61844 66f9fb9d memcmp 61843->61844 61844->61819 61845 66f9fbbf 61844->61845 61845->61819 61846 66f9fbcd memcmp 61845->61846 61846->61819 61846->61847 61847->61819 61848->61703 61849->61727 61850->61738 61851->61747 61852->61757 61853->61768 61854->61729 61855->61716 61856->61728 61858->61763 61859->61656 61860->61690 61861->61760 61862->61666 61863->61690 61864->61725 61865->61690 61866->61690 61867->61690 61868->61755 61869->61690 61870->61690 61871->61690 61872->61792 61873->61806 61874->61795 61875->61806 61876->61806 61880->61835 61885->61839 61886->61840 61001 7ff8a8728c23 61002 7ff8a8728c30 61001->61002 61003 7ff8a8728c99 61002->61003 61004 7ff8a8728cb5 BIO_ctrl 61002->61004 61005 7ff8a8728cd4 61004->61005 61887 7ff8a871fdb0 61893 7ff8a871fdd2 61887->61893 61888 7ff8a871240f memcpy memcpy SetLastError BIO_read 61888->61893 61889 7ff8a87203c9 EVP_MD_CTX_md EVP_MD_size 61892 7ff8a87203ee 61889->61892 61903 7ff8a871ff2d 61889->61903 61890 7ff8a87202d5 61890->61889 61897 7ff8a872045f 61890->61897 61890->61903 61891 7ff8a87201e8 EVP_CIPHER_CTX_cipher EVP_CIPHER_flags 61891->61890 61891->61893 61892->61897 61899 7ff8a872043c CRYPTO_memcmp 61892->61899 61892->61903 61893->61888 61893->61890 61893->61891 61894 7ff8a8720a20 61893->61894 61893->61903 61896 7ff8a8720a2d strncmp 61894->61896 61894->61903 61895 7ff8a872057e EVP_MD_CTX_md 61898 7ff8a8720593 EVP_MD_CTX_md EVP_MD_size 61895->61898 61909 7ff8a87206c3 61895->61909 61900 7ff8a8720a52 strncmp 61896->61900 61896->61903 61897->61895 61897->61903 61897->61909 61908 7ff8a87205b0 61898->61908 61899->61892 61899->61903 61901 7ff8a8720a72 strncmp 61900->61901 61900->61903 61902 7ff8a8720a8d strncmp 61901->61902 61901->61903 61902->61903 61905 7ff8a8720aa5 strncmp 61902->61905 61905->61903 61906 
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PySys_GetObject.PYTHON38 ref: 66F86581
                                                                                                                                                                                          • PyTuple_GetItem.PYTHON38 ref: 66F8659B
                                                                                                                                                                                          • PyLong_AsLong.PYTHON38 ref: 66F865B0
                                                                                                                                                                                          • PyTuple_GetItem.PYTHON38 ref: 66F865C0
                                                                                                                                                                                          • PyLong_AsLong.PYTHON38 ref: 66F865CE
                                                                                                                                                                                          • PySys_GetObject.PYTHON38 ref: 66F865DD
                                                                                                                                                                                          • PyLong_AsVoidPtr.PYTHON38 ref: 66F865E9
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 66F8660E
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 66F8662C
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 66F8664A
                                                                                                                                                                                          • PyModule_Create2.PYTHON38 ref: 66F86674
                                                                                                                                                                                          • PyModule_GetName.PYTHON38 ref: 66F86689
                                                                                                                                                                                          • strrchr.MSVCRT ref: 66F866AE
                                                                                                                                                                                          • malloc.MSVCRT ref: 66F866C4
                                                                                                                                                                                          • memcpy.MSVCRT ref: 66F866DE
                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON38 ref: 66F86731
                                                                                                                                                                                          • PyBytes_AsString.PYTHON38 ref: 66F8674B
                                                                                                                                                                                          • malloc.MSVCRT ref: 66F8675F
                                                                                                                                                                                          • PyCFunction_NewEx.PYTHON38 ref: 66F867AA
                                                                                                                                                                                          • PyCFunction_NewEx.PYTHON38 ref: 66F867ED
                                                                                                                                                                                          • PyCFunction_NewEx.PYTHON38 ref: 66F86830
                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON38 ref: 66F8685A
                                                                                                                                                                                          • PyBytes_AsString.PYTHON38 ref: 66F86870
                                                                                                                                                                                          • _time64.MSVCRT ref: 66F8694D
                                                                                                                                                                                          • srand.MSVCRT ref: 66F86955
                                                                                                                                                                                          • strstr.MSVCRT ref: 66F86AFC
                                                                                                                                                                                          • strncmp.MSVCRT ref: 66F86B38
                                                                                                                                                                                          • PyErr_Format.PYTHON38 ref: 66F86BAB
                                                                                                                                                                                          • _Py_Dealloc.PYTHON38 ref: 66F86BDA
                                                                                                                                                                                          • _Py_Dealloc.PYTHON38 ref: 66F86BE9
                                                                                                                                                                                          • malloc.MSVCRT ref: 66F86C0A
                                                                                                                                                                                          • free.MSVCRT ref: 66F86C74
                                                                                                                                                                                          • malloc.MSVCRT ref: 66F86C80
                                                                                                                                                                                          • memcpy.MSVCRT ref: 66F86CA3
                                                                                                                                                                                          • free.MSVCRT ref: 66F86CD2
                                                                                                                                                                                          • malloc.MSVCRT ref: 66F86CDE
                                                                                                                                                                                          • memcpy.MSVCRT ref: 66F86D01
                                                                                                                                                                                          • PyErr_Format.PYTHON38 ref: 66F87348
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9D973
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9D990
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9D9B2
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9D9D2
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9D9F2
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9DA12
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9DA32
                                                                                                                                                                                            • Part of subcall function 66F9D940: memcmp.MSVCRT ref: 66F9DA52
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D6E3
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D703
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D725
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D745
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D765
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D785
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D7A5
                                                                                                                                                                                            • Part of subcall function 66F9D6B0: memcmp.MSVCRT ref: 66F9D7C5
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D10B
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D135
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D154
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D173
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D192
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D1AD
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D1C8
                                                                                                                                                                                            • Part of subcall function 66F9D0E0: strcmp.MSVCRT ref: 66F9D1E3
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D3AB
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D3CF
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D3EB
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D40A
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D429
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D444
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D45F
                                                                                                                                                                                            • Part of subcall function 66F9D380: strcmp.MSVCRT ref: 66F9D47A
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D25B
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D285
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D2A4
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D2C3
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D2E2
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D2FD
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D318
                                                                                                                                                                                            • Part of subcall function 66F9D230: strcmp.MSVCRT ref: 66F9D333
                                                                                                                                                                                          • PyBytes_AsStringAndSize.PYTHON38 ref: 66F86E78
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
• Associated: 00000002.00000002.2131148247.0000000066F80000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131231390.0000000067002000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131253837.0000000067006000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131274076.0000000067007000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131300783.000000006701F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131344226.0000000067022000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131400463.0000000067024000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131434689.0000000067028000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strcmp$memcmp$Bytes_Stringmalloc$AddressFunction_Long_ProcSizememcpy$DeallocErr_FormatFromItemLongModule_ObjectSys_Tuple_free$Create2NameVoid_time64srandstrncmpstrrchrstrstr
                                                                                                                                                                                          • String ID: %s (%d:%d)$,*$.pyarmor.ikey$000000$C_ASSERT_ARMORED_INDEX$C_ENTER_CO_OBJECT_INDEX$C_LEAVE_CO_OBJECT_INDEX$PyCell_Get$PyCell_New$PyCell_Set$aes$dllhandle$pyarmor_runtime_$sha256$sprng$version_info
                                                                                                                                                                                          • API String ID: 1610873308-3717260241
                                                                                                                                                                                          • Opcode ID: 8ace705db764757fec76ecfa4cca4fd90099bd285529a006ed0375af6e3566cd
                                                                                                                                                                                          • Instruction ID: ba0671170f199a6fcd344bc9cd6982eca266d08f77bade4080d707d4ab4488c4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ace705db764757fec76ecfa4cca4fd90099bd285529a006ed0375af6e3566cd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E820F72719B84C2EB01CB26E84435D3BB2FB49B88F8580AAEE5D0B794DF39E555C350
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_sizeO_memcmpR_flagsX_cipherX_md
                                                                                                                                                                                          • String ID: $..\s\ssl\record\ssl3_record.c$@$CONNE$GET $HEAD $POST $PUT
                                                                                                                                                                                          • API String ID: 2456506815-352295518
                                                                                                                                                                                          • Opcode ID: 84683dc052a228b3af1e7c9e7017a012159acb7c1af7fe9e1f8007fe0f155df1
                                                                                                                                                                                          • Instruction ID: 447b90e00e3df95c7ff1e21f48986c4d9ea06b565962e604c040914eb3aae2f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 84683dc052a228b3af1e7c9e7017a012159acb7c1af7fe9e1f8007fe0f155df1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4172AE32E4A68296FB208E11D4447BA67E0FB44BD8F184135DA8D4BB94EF7DD581CB38

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                          • API String ID: 1767461275-1115027282
                                                                                                                                                                                          • Opcode ID: 5b24c21af44ccb3aa0e60b64ae7794df50e2a31ff5bc3ffaaef7f139b0997e92
                                                                                                                                                                                          • Instruction ID: ae9255507c3b091ab037e4e4ceb99b318b8086c016afd469dd505d21d7e35749
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b24c21af44ccb3aa0e60b64ae7794df50e2a31ff5bc3ffaaef7f139b0997e92
                                                                                                                                                                                          • Instruction Fuzzy Hash: EFA16A32A8BB52A1FB55DB21E4543B832A0FF95B88F444035DA8C4A796EF3CE554C339

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$L_sk_free$L_sk_pop_free$E_freeX509_$D_lock_freeD_unlockD_write_lockE_finishH_freeH_set_down_loadM_freeO_free_ex_dataO_secure_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1978915437-1080266419
                                                                                                                                                                                          • Opcode ID: 3074cc76507357f614cec7ce68b8fd44f851b7d8821df7436865e7dd758a2e13
                                                                                                                                                                                          • Instruction ID: deea18acf43151975cff6a0cf9a72075d49d02c3cd8228e27a673dffd61ede4e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3074cc76507357f614cec7ce68b8fd44f851b7d8821df7436865e7dd758a2e13
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9841EE65A8BA42A0EB51AF25D8917F82320EF85FC8F044131EE1D4B2AACF6DD545C375

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
• Associated: 00000002.00000002.2131148247.0000000066F80000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131231390.0000000067002000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131253837.0000000067006000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131274076.0000000067007000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131300783.000000006701F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131344226.0000000067022000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131400463.0000000067024000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2131434689.0000000067028000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Format$malloc
                                                                                                                                                                                          • String ID: %s (%d:%d)
                                                                                                                                                                                          • API String ID: 1817594650-1595188566
                                                                                                                                                                                          • Opcode ID: 4ac074a4df80c3886279f237d81a6164cce285b2daffb49a8b902e7caa7da149
                                                                                                                                                                                          • Instruction ID: 96287a0bb9e6e5ee956589da3d6ccc4c4a0de0d61f7620510b31cfad1f860c96
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ac074a4df80c3886279f237d81a6164cce285b2daffb49a8b902e7caa7da149
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E0299B2B19B4082FF15CB2AD48472D3772EB56B88F94459ACE2D0B7A1DF39E150C760

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 1068509327-1507966698
                                                                                                                                                                                          • Opcode ID: ea8542e2d0c08ec1af4a690b0d1237013d2363aebc7463c8f440753958b20a8b
                                                                                                                                                                                          • Instruction ID: 50ba9883a56d6bc2852487969a561afad3312b70f66e97cfafbd2b2984d0370e
                                                                                                                                                                                          • Opcode Fuzzy Hash: ea8542e2d0c08ec1af4a690b0d1237013d2363aebc7463c8f440753958b20a8b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 18E1FE32B4A681A6E724DF16D4407AE3BA0EB84BC8F545035DE9C4BB95CF3DE541CB28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _initterm$_amsg_exit_cexitexit
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 602970348-4108050209
                                                                                                                                                                                          • Opcode ID: 3f1495ab5511cedd742e9f649de3f4595af5626ce0540d783a195cd6d88b8f4f
                                                                                                                                                                                          • Instruction ID: a19b0787944a7c4d639931242bc98cd536adccdfc92ae39e1e6552f288cb244b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f1495ab5511cedd742e9f649de3f4595af5626ce0540d783a195cd6d88b8f4f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B61EB75E09B578AFB00AB96DE8436863B0FB4AB84F904436CD8D57365DE3CE4428F60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_run_once$R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                          • API String ID: 511881677-1166085723
                                                                                                                                                                                          • Opcode ID: b2378eee409d844732dff69d78f7df6fa75f25bee6d86a9df9ae658098f2cfcd
                                                                                                                                                                                          • Instruction ID: 745899fc8ff9f83cd7b5d59a851b0f79a2a3d908eb3dff3440dc3f06c7a950bc
                                                                                                                                                                                          • Opcode Fuzzy Hash: b2378eee409d844732dff69d78f7df6fa75f25bee6d86a9df9ae658098f2cfcd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 19213D25E8B603A6FB60DB25E8403B5A2A2EF843C4F445134D91D432A6EF2DE945D72D

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyEval_GetFrame.PYTHON38 ref: 66F854C2
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON38 ref: 66F854DF
                                                                                                                                                                                          • Py_DecRef.PYTHON38 ref: 66F854F3
                                                                                                                                                                                          • PyUnicode_AsUTF8.PYTHON38 ref: 66F85904
                                                                                                                                                                                          • PyImport_GetModuleDict.PYTHON38 ref: 66F85938
                                                                                                                                                                                          • PyDict_GetItem.PYTHON38 ref: 66F85946
                                                                                                                                                                                          • PyModule_GetDict.PYTHON38 ref: 66F85957
                                                                                                                                                                                          • PyDict_GetItemString.PYTHON38 ref: 66F8596A
                                                                                                                                                                                          • PyImport_ExecCodeModuleObject.PYTHON38 ref: 66F8598D
                                                                                                                                                                                          • PyErr_Occurred.PYTHON38 ref: 66F85996
                                                                                                                                                                                            • Part of subcall function 66F8F750: VirtualAlloc.KERNEL32 ref: 66F8F7A9
                                                                                                                                                                                            • Part of subcall function 66F8F750: memcpy.MSVCRT ref: 66F8F7CC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DictDict_Import_ItemModuleUnicode_$AllocCodeErr_Eval_ExecFormatFrameFromModule_ObjectOccurredStringVirtualmemcpy
                                                                                                                                                                                          • String ID: $%s (%d:%d)$<frozen %U>$__main__$__mp_main__$__spec__
                                                                                                                                                                                          • API String ID: 3240200909-2782528897

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                          • API String ID: 1294909896-4198433784

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyUnicode_AsUTF8.PYTHON38 ref: 66F85904
                                                                                                                                                                                          • PyImport_GetModuleDict.PYTHON38 ref: 66F85938
                                                                                                                                                                                          • PyDict_GetItem.PYTHON38 ref: 66F85946
                                                                                                                                                                                          • PyModule_GetDict.PYTHON38 ref: 66F85957
                                                                                                                                                                                          • PyDict_GetItemString.PYTHON38 ref: 66F8596A
                                                                                                                                                                                          • PyImport_ExecCodeModuleObject.PYTHON38 ref: 66F8598D
                                                                                                                                                                                          • PyErr_Occurred.PYTHON38 ref: 66F85996
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DictDict_Import_ItemModule$CodeErr_ExecModule_ObjectOccurredStringUnicode_
                                                                                                                                                                                          • String ID: $%s (%d:%d)$__main__$__mp_main__$__spec__
                                                                                                                                                                                          • API String ID: 4088344453-4025645406

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$EnvironmentVariable
                                                                                                                                                                                          • String ID: %s%c%s%c%s%c%s%c%s$;$;$C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al$C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682$Error detected starting Python VM.$Failed to convert argv to wchar_t$Failed to convert progname to wchar_t$Failed to convert pyhome to wchar_t$Failed to convert pypath to wchar_t$Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!$PYTHONUTF8$\$\$base_library.zip$lib-dynload$sys.path (based on %s) exceeds buffer[%d] space
                                                                                                                                                                                          • API String ID: 471908985-2946291427

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc$ferrorfree$freadfwrite
                                                                                                                                                                                          • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$_MEIPASS2$malloc
                                                                                                                                                                                          • API String ID: 1635854594-2461342963

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 918573998-0

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freadmalloc$fcloseferrorfree
                                                                                                                                                                                          • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 1320676746-1463511288

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                          • String ID: $@$@
                                                                                                                                                                                          • API String ID: 896588047-3743272326

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosefreadfreemalloc
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 3295367466-3659356012
                                                                                                                                                                                          • Opcode ID: 58006aa4fa0811e58adab2c8686ef5c2ffc0bfd9ba691f17310316d00bb1788f
                                                                                                                                                                                          • Instruction ID: 6864d483e5919dabf587d516cebf1aa0a9a4456185b9d6a6e5c3e1df55ff8893
                                                                                                                                                                                          • Opcode Fuzzy Hash: 58006aa4fa0811e58adab2c8686ef5c2ffc0bfd9ba691f17310316d00bb1788f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F3101A2B4975340FE04BB129E546BA9210EF2ABC8FC44036DD8D07695EE3CE947CF24

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$EnvironmentVariable$DirectoryFileModuleNamecallocstrcmpstrcpy
                                                                                                                                                                                          • String ID: Cannot side-load external archive %s (code %d)!$Error opening archive rN6uDF85M8 from executable (%s) or external archive (%s)$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                          • API String ID: 4056350997-281236135
                                                                                                                                                                                          • Opcode ID: 325faec1814eae0a2b1e7fbfdbf89f0e7aedcb17bcb967cd32c2dbc4471c5a70
                                                                                                                                                                                          • Instruction ID: 567acb53f7c44863e0753c86e9b22d24ab2bf24a08e81d8a45d56bfa0c0c7b26
                                                                                                                                                                                          • Opcode Fuzzy Hash: 325faec1814eae0a2b1e7fbfdbf89f0e7aedcb17bcb967cd32c2dbc4471c5a70
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CC15F21A1874350FE10BB229E511BAE264EF8ABC0FC44439ED8E477D6DE2CE5068F25

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                          • API String ID: 2562538362-2512360314
                                                                                                                                                                                          • Opcode ID: c5ec9d6da75d60e59cec8800915c942c7923d53dd8deea7d1b1bc2a2b65e181d
                                                                                                                                                                                          • Instruction ID: 2cdcaba2615a7d5d73efa0edbb818ca0f8771a2f28567df36e8c496749e86ef2
                                                                                                                                                                                          • Opcode Fuzzy Hash: c5ec9d6da75d60e59cec8800915c942c7923d53dd8deea7d1b1bc2a2b65e181d
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5B18132A4E742A6F7689F15C4843BD33E1EB40B88F145035DA4C46799CF7EE885CB68
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                          • API String ID: 1692547093-34800109
                                                                                                                                                                                          • Opcode ID: 218e4fe239caa055c8f9a09eb3c10c9947b384fed5d68d776e866426d8813317
                                                                                                                                                                                          • Instruction ID: 41bae557f6c1bc723fd1a21759795bfd9f4f486e51412f9a859f0668c8d73dd4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 218e4fe239caa055c8f9a09eb3c10c9947b384fed5d68d776e866426d8813317
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8342CB32B8A682A6EB74CA51D1447BD27A5FB91BC4F184135CA4D47FA0CF3DE891C728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freestrlen
                                                                                                                                                                                          • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                          • API String ID: 322734593-568040347
                                                                                                                                                                                          • Opcode ID: d205c733db865d8dd7c5399c9227ccd87022c37c73608eb8f429483b9ef03b16
                                                                                                                                                                                          • Instruction ID: c674ddbcffc0e5614a0815457c244b433c8e8b47d1cacdc8abb2aefc69aeb5bc
                                                                                                                                                                                          • Opcode Fuzzy Hash: d205c733db865d8dd7c5399c9227ccd87022c37c73608eb8f429483b9ef03b16
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20315D21A08B4791EE15BB16DF48079A360EF4AB94FD84036DD8E47791EE3CE4478F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                          • API String ID: 1958097105-2209325370
                                                                                                                                                                                          • Opcode ID: 4188784b089c0aef524afabbd84599c193d976197fb088fa5096f07a4c300196
                                                                                                                                                                                          • Instruction ID: 3fa77c1458f5e20c75b6274ba230df54e9a50f7bd2f51f682db6b6bd77bb7bd9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4188784b089c0aef524afabbd84599c193d976197fb088fa5096f07a4c300196
                                                                                                                                                                                          • Instruction Fuzzy Hash: 14819132A4AA9591EB50DF25D4443A96BA0FB44FC8F188135DE9C0BFA8DF3CD485CB64
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A8755D72), ref: 00007FF8A8755774
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A8755D72), ref: 00007FF8A875588C
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A8755D72), ref: 00007FF8A8755952
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$M_grow_clean
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                          • API String ID: 1147295381-2512360314
                                                                                                                                                                                          • Opcode ID: 5f176698e27fcd32c145e642f59c1ffc7f7fcf19b059238bddaa937a1f498d97
                                                                                                                                                                                          • Instruction ID: edb2d195c2dac5ba5c1fbd41b9f96f31cf67f9f755f5912c51e12d509a6882ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f176698e27fcd32c145e642f59c1ffc7f7fcf19b059238bddaa937a1f498d97
                                                                                                                                                                                          • Instruction Fuzzy Hash: AFA1C232A4A682A5FB688F25D44437937A0FB40BD8F185135CA5D4BBE4CF3EE485C724
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 4281227279-1080266419
                                                                                                                                                                                          • Opcode ID: 3c78fabd672594b1f123496dd180e95c5cf271f2b730e2afc5d90a2ea75cc958
                                                                                                                                                                                          • Instruction ID: 47c710ae18a4febe5b73f9d853e490323a47d6d21e181bb4b67b8c3e9599574f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c78fabd672594b1f123496dd180e95c5cf271f2b730e2afc5d90a2ea75cc958
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E21C332B4A642A2EB40DB25E4007AD23A0EF88BC4F585130EE4D47796DF3CE4558A24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                          • String ID: _MEIPASS2
                                                                                                                                                                                          • API String ID: 3061335427-3944641314
                                                                                                                                                                                          • Opcode ID: 235c1dd8b7d63f55f126b570e5c794863b31d2e99e52066b805540e0412e25bb
                                                                                                                                                                                          • Instruction ID: 36c0c75b0499c735c8057e146859dbc7f63096acdab5f1dd047a4b3f1bf8c4da
                                                                                                                                                                                          • Opcode Fuzzy Hash: 235c1dd8b7d63f55f126b570e5c794863b31d2e99e52066b805540e0412e25bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2821A11271865301FE11BA129E497BAD646AF4EBC4FC80439DE4D4B692ED3EE943CE20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                          • API String ID: 2635317215-799113134
                                                                                                                                                                                          • Opcode ID: 2ffff2677c742e4d75b8a438d74a042177ee15190e16fc09648dd6ea9d837ee2
                                                                                                                                                                                          • Instruction ID: 4f88cb5dc154848520ec386e2201aff157489ba3152e538757f1da048e8902b7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ffff2677c742e4d75b8a438d74a042177ee15190e16fc09648dd6ea9d837ee2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E08C21E0870781EE10BB049A851A99390EB8A340FC40038D98C023A2DD3CE5078F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,?,00007FF8A8755D8E), ref: 00007FF8A87563FD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                          • API String ID: 1767461275-2512360314
                                                                                                                                                                                          • Opcode ID: 286396ca9c874b9dfc3071c4ae9c9e66dfc5672bc1137bd36060fe4fb40a9dbf
                                                                                                                                                                                          • Instruction ID: 9ace6de01d230b56bf251d5378c170f03f8e8632b7cbae1b917a0e9f0fe2d5f8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 286396ca9c874b9dfc3071c4ae9c9e66dfc5672bc1137bd36060fe4fb40a9dbf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FB1C432A4A642E6EB688F25C454B7D33A0FF40BC8F545135CA4D47AA4DF3DE985CB28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fsetpos
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 850078086-0
                                                                                                                                                                                          • Opcode ID: 1b41710901f17b2eeca1497c090281577d230925116f41a5d4b4f06b87e02d06
                                                                                                                                                                                          • Instruction ID: 103151a82e95ae6d5ed7dadf2576d1d36d58b863b471c9405f5c730a7c2102ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b41710901f17b2eeca1497c090281577d230925116f41a5d4b4f06b87e02d06
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15114F73E04B03D9EF14AF6589451AC67A1EB0A7D8F900A39EE9D07789DF38D1528A60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosestrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3396940900-0
                                                                                                                                                                                          • Opcode ID: a3ad25db15f60588623514ec90a7e761cfe62f1838e12f0dbc38abdeea06411e
                                                                                                                                                                                          • Instruction ID: ecb1b4d0016045c2d8ef014553948addfcb9f58549d455ea3397f7bd10a6b8ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: a3ad25db15f60588623514ec90a7e761cfe62f1838e12f0dbc38abdeea06411e
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1117361B0834340FB50B675AE553F69251DF59BC4F948036DD8D8768ADD2CD886CE60
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32 ref: 00007FF7279C7951
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C795D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWidefree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3231889924-0
                                                                                                                                                                                          • Opcode ID: 5da9cff1bddf644fc85132b22c29d0953a3f4d68f75795d1196dca3a9b5b5111
                                                                                                                                                                                          • Instruction ID: 67a11815d26227198960bc2542f32e29635720bd939d4bc360ba6a548f69596d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5da9cff1bddf644fc85132b22c29d0953a3f4d68f75795d1196dca3a9b5b5111
                                                                                                                                                                                          • Instruction Fuzzy Hash: C3D05E11F2A67701EEA8B3773C5AAAA81419F8EFD0EC890789C8D47746EC2DD5830F00
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freememsetwcslen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2332356550-0
                                                                                                                                                                                          • Opcode ID: 1a767a8511ac7941d5b600a4ca5724adf868899c20a7f97db0b9802882a0a5e1
                                                                                                                                                                                          • Instruction ID: da967ae5304fe3e300b367f2b3079c0b8807f5a939a912136ace4dab50b52f36
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a767a8511ac7941d5b600a4ca5724adf868899c20a7f97db0b9802882a0a5e1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 85310B76F00B15C9DB00DF76C48109C7BB1FB59BA8B508526EE5C53B68DB34C491C7A0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                          • Opcode ID: 93ac2850b5d2f13ae9b54a5dd82942a09dfe8bb811652b166735949098b463b3
                                                                                                                                                                                          • Instruction ID: 96b32949d4837fa270439d7a513bd81fdac3d9232efceb2918ec02daf2d35676
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ac2850b5d2f13ae9b54a5dd82942a09dfe8bb811652b166735949098b463b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0318D33609B8586D750CF65E440BED77A0F789B88F084136EE8C4BB59DF79C1998B24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: fe5837323282d315a15794c740daf0bac631d7c30206fff776a4dc5a47e3ca90
                                                                                                                                                                                          • Instruction ID: cd783cb35b1c5ccd56b387b9dc9809c4c0e09b979c626c1b103b450ba26739f9
                                                                                                                                                                                          • Opcode Fuzzy Hash: fe5837323282d315a15794c740daf0bac631d7c30206fff776a4dc5a47e3ca90
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43F01C7237D52085F6310D29D600FAA7594575BBF0E94811699BC0ABF4D55FC6818F22
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1767461275-0
                                                                                                                                                                                          • Opcode ID: dfae5811a408f5906231ea143e286c5f2096b5f567c064c5227843b7cad87cf8
                                                                                                                                                                                          • Instruction ID: 78c36018e7f8af04b070878c7701d9902aeb40d60fa4dfd6d3ad852ee4426410
                                                                                                                                                                                          • Opcode Fuzzy Hash: dfae5811a408f5906231ea143e286c5f2096b5f567c064c5227843b7cad87cf8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0301D132A4924186E7A88E29E00437962A0FB84BCCF141035EA5C07BE9DB7EE880CF14
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • _wfopen.MSVCRT ref: 00007FF7279C43F5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 372205238-0
                                                                                                                                                                                          • Opcode ID: 4579cfcb0f3334daeaaf7b323de48acbc150d2dfa9902d64ce50903cdcd48eec
                                                                                                                                                                                          • Instruction ID: 3eb546971edc81245630be1ef1810b82a7324194bcc5c7b999535e5e73419aac
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4579cfcb0f3334daeaaf7b323de48acbc150d2dfa9902d64ce50903cdcd48eec
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4E0125171871241E9257312BE097A9C2169F4AFD4E848035EE4D5BB9ACD1CD6438F15
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                          • Opcode ID: 6085142ac8421f32a635a0c22734978378be42a22e6ff1485fbb386f4c50a3f8
                                                                                                                                                                                          • Instruction ID: 14bb342ebd35586dabff832727420a853e1623b86ef22e0eacf2d96e4a29b216
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6085142ac8421f32a635a0c22734978378be42a22e6ff1485fbb386f4c50a3f8
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E080F3F4610256F7255775D846F791390EB4C754F641030DA1C8AB82EBADE8D28B18
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_load_strings_const
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 78401305-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • malloc.MSVCRT(?,?,00000000,?,66FE0C70,00000000,?,?,66F93BB6,?,?,?,?,?,?), ref: 66FFDE0F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2131172818.0000000066F81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 66F80000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_66f80000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$O_freeO_zalloc
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$gfffffff$~
                                                                                                                                                                                          • API String ID: 3565116557-3298543876
                                                                                                                                                                                          • Opcode ID: f305aeb28f7a18fd0a1c6c4e00bb75f3199cec8b2b7e99697efe69e1ba939d70
                                                                                                                                                                                          • Instruction ID: 15c6ea98b06e97f0cb1e0dc5775ed4f883543d60c614fe4e97ba4e03e14ca92d
                                                                                                                                                                                          • Opcode Fuzzy Hash: f305aeb28f7a18fd0a1c6c4e00bb75f3199cec8b2b7e99697efe69e1ba939d70
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4ED16932A4AB82A6EB59DB25E4903F963A0FF48B84F404436CB9D47795DF3CE160C324
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$strncmp$L_sk_freeL_sk_numL_sk_pushO_mallocR_put_error$L_sk_new_nullL_sk_value
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$DEFAULT$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192
                                                                                                                                                                                          • API String ID: 3367745429-3030769715
                                                                                                                                                                                          • Opcode ID: 0757d5fb305cc7fbd74bb3cb46e42215229c3689a2ecd6931d1c378fb8281c27
                                                                                                                                                                                          • Instruction ID: 2551641787aa8f73ce5e90dfc26b9030177c5ffa8c9ca0f829834b9a462a0724
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0757d5fb305cc7fbd74bb3cb46e42215229c3689a2ecd6931d1c378fb8281c27
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76A2A872A4AB46A2EB69CB06D4506B827E4FB14FC4F288036DE4C47790EF3CD981C765
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_new$X_free$DigestInit_exR_flagsR_key_lengthX_reset
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c$x
                                                                                                                                                                                          • API String ID: 2151083367-3671953471
                                                                                                                                                                                          • Opcode ID: b7c4a1afce9972076094333b5344805b1c2a865642606e0bc6a5c75d9446d4a7
                                                                                                                                                                                          • Instruction ID: d4c8b09802c575b236a0e9e5b16c69f483fa49889cd267781dbb5085993f9d5c
                                                                                                                                                                                          • Opcode Fuzzy Hash: b7c4a1afce9972076094333b5344805b1c2a865642606e0bc6a5c75d9446d4a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 03F1BE32B4B78295EB60DB26D0507B927A0EB85BD8F484035DE8D4BB95EF3CE445C728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CC55
                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CC5E
                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CC73
                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CC88
                                                                                                                                                                                          • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CE9B
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CF64
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CF76
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FF8A876DF8C), ref: 00007FF8A876CFD2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_freeL_sk_numO_free$L_sk_valuememcmp
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$@$P
                                                                                                                                                                                          • API String ID: 1579232405-1224705267
                                                                                                                                                                                          • Opcode ID: 82dae07ff3711130da00d59c695202ddd9335452390dcaa59f9b9850c2fea917
                                                                                                                                                                                          • Instruction ID: ff0ef1696c30b69c9e9e112d2477aa7a8275d4e7a2c4ba1b613efe0fe8910925
                                                                                                                                                                                          • Opcode Fuzzy Hash: 82dae07ff3711130da00d59c695202ddd9335452390dcaa59f9b9850c2fea917
                                                                                                                                                                                          • Instruction Fuzzy Hash: BC72BE32A4A68296EB64DF25D4403B93BA1FB84BD8F188135DE4D4B795CF3DE580C728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2141583349.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141667843.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141695476.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141726636.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279E6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141855281.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141883377.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                          • String ID: $BUTTON$Close$EDIT$Failed to IkuA6pOF script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                          • API String ID: 3223904152-27821387
                                                                                                                                                                                          • Opcode ID: 04f2d82e8ffba4cbe6a93567bbf6fed349d1fd3a2e228bf8f8276963421ee365
                                                                                                                                                                                          • Instruction ID: bc449c1d2395efb10bd05551be8389e6fe6d8d9b15e91adb761903c5215955cd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04f2d82e8ffba4cbe6a93567bbf6fed349d1fd3a2e228bf8f8276963421ee365
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB91BE36218B9182E7509F61E85479BB760F789BD8F54413AEE8C0BB58CF7DC446CB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_digestbyname
                                                                                                                                                                                          • String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_dupN_free$O_freeO_strdupmemset$R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Digest$Init_exL_cleanse$D_sizeFinal_exX_freeX_newY_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$ext binder$res binder
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$X509_get0_pubkeyX_freeX_new
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_set_init$O_clear_flagsR_put_error$O_freeO_get_dataO_get_initO_get_shutdownO_pushO_set_nextO_set_shutdownO_up_refO_zalloc
                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c$=
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_mallocO_new_ex_dataR_put_errorX509_chain_up_refX509_up_ref
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                          • API String ID: 3017714891-2868363209
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_copyN_dupN_free$O_freeO_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          • API String ID: 3726006556-1778748169
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$L_cleanse$D_lock_freeL_sk_pop_freeO_clear_freeO_free_ex_dataX509_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                          • API String ID: 4155952050-2868363209
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768050
                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A87680FD
                                                                                                                                                                                          • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768105
                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A876810D
                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768238
                                                                                                                                                                                          • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768240
                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768248
                                                                                                                                                                                          • RAND_bytes.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A87682C1
                                                                                                                                                                                          • EVP_sha256.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A87682F9
                                                                                                                                                                                            • Part of subcall function 00007FF8A87110CD: BUF_MEM_grow.LIBCRYPTO-1_1 ref: 00007FF8A8718073
                                                                                                                                                                                            • Part of subcall function 00007FF8A87110CD: memcpy.VCRUNTIME140 ref: 00007FF8A87180A5
                                                                                                                                                                                          • EVP_EncryptUpdate.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A87683CC
                                                                                                                                                                                          • EVP_EncryptFinal.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768410
                                                                                                                                                                                          • HMAC_Update.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A8768486
                                                                                                                                                                                          • HMAC_Final.LIBCRYPTO-1_1(?,?,?,?,..\s\ssl\statem\statem_srvr.c,?,?,?,00007FF8A876B9E3), ref: 00007FF8A87684AF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_free$EncryptFinalO_freeUpdate$D_bytesM_growO_mallocP_sha256memcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                          • API String ID: 1480902132-348624464
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: P_get_cipherbyname$D_run_onceL_sk_findL_sk_valueR_flags
                                                                                                                                                                                          • String ID: AES-128-CBC-HMAC-SHA1$AES-128-CBC-HMAC-SHA256$AES-256-CBC-HMAC-SHA1$AES-256-CBC-HMAC-SHA256$RC4-HMAC-MD5
                                                                                                                                                                                          • API String ID: 4011776655-741925770
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_iv_lengthmemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
                                                                                                                                                                                          • API String ID: 544732426-1371881060
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_sizeX_md
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                          • API String ID: 3984586431-2721125279
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FF8A875B557), ref: 00007FF8A875A9AF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_get0_pubkey
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$0
                                                                                                                                                                                          • API String ID: 2698272274-513810425
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcmp$memcpy$O_clear_freeO_mallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c$client finished$extended master secret$server finished
                                                                                                                                                                                          • API String ID: 1314788138-462687698
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_mem_ctrl$O_freeR_put_error$L_sk_findL_sk_pushO_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                          • API String ID: 951782134-1847046956
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_free$O_free$memset
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          • API String ID: 2671087460-1778748169
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeX_freeY_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$c:\a\6\s\ssl\packet_locl.h$z
                                                                                                                                                                                          • API String ID: 392469334-898382007
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$D_sizeDigestO_mallocP_sha256_time64
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$o$resumption
                                                                                                                                                                                          • API String ID: 1034084170-2120662796
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_free$Y_free$L_cleanseO_free$N_bn2binN_num_bits
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 407376196-1507966698
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$N1_item_free$O_strndupR_put_errorX509_free_time64memcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                          • API String ID: 3498103060-3659835543
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c$T
                                                                                                                                                                                          • API String ID: 2718799170-2647723609
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                          • API String ID: 680475741-1847046956
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EVP_PKEY_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876E995
                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876E9FE
                                                                                                                                                                                          • ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876EA17
                                                                                                                                                                                          • EVP_PKEY_decrypt.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876EAE2
                                                                                                                                                                                          • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876EB52
                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF8A8770885), ref: 00007FF8A876EBA3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_clear_errorX509_get0_pubkeyX_ctrlX_freeX_newY_decrypt
                                                                                                                                                                                          • String ID: $+$..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                          • API String ID: 2818273386-3825620723
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Y_derive$O_clear_freeO_mallocX_freeX_newY_derive_initY_derive_set_peer
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 2104848214-4238427508
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 3616133153-1080266419
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_flagsO_freeO_set_flagsO_snprintfR_add_error_data
                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c$SSL alert number
                                                                                                                                                                                          • API String ID: 3064126697-720991377
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strncmp$R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH
                                                                                                                                                                                          • API String ID: 2707563706-3120971754
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
Similarity
• API ID: O_free$O_memcmpO_strndupmemchr
• String ID: ..\s\ssl\statem\extensions_srvr.c$c:\a\6\s\ssl\packet_locl.h$k
Similarity
• API ID: X_md$CipherD_sizeX_block_sizeX_ciphermemset
• String ID: ..\s\ssl\record\ssl3_record.c
Similarity
• API ID: O_free$O_mallocmemset
• String ID: ..\s\ssl\record\rec_layer_d1.c
Similarity
• API ID: O_free$memset
• String ID: ..\s\ssl\record\rec_layer_d1.c
Similarity
• API ID: O_zalloc$J_nid2snP_get_digestbyname
• String ID: ..\s\ssl\ssl_lib.c
Similarity
• API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_type
• String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                          • API String ID: 2525466407-1847046956
                                                                                                                                                                                          • Opcode ID: c0fda2c7cfd2f08080c51aecd5afd4d8a6e0385d499b365ab04a7af8835099d9
                                                                                                                                                                                          • Instruction ID: 198e818f70513b322490496a3bb7ac39273e98b09f0c9c5175ffd6a0f7632972
                                                                                                                                                                                          • Opcode Fuzzy Hash: c0fda2c7cfd2f08080c51aecd5afd4d8a6e0385d499b365ab04a7af8835099d9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47113C61E9F70261FB45AB15E8153B8A694EF88BC4F440036E94D0B7E2EF6CE440C338
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_cleanse$O_freeO_memcmpO_memdupmemset
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 780863833-592572767
                                                                                                                                                                                          • Opcode ID: 86bf496f679b3b7786b672491b5610af1af8bf809d3bf7cd0764ed97caaeb9cd
                                                                                                                                                                                          • Instruction ID: 9cb3f010fc052cf901d4dc762fbe37ee51659d276467181e0333c8ae62619a5e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86bf496f679b3b7786b672491b5610af1af8bf809d3bf7cd0764ed97caaeb9cd
                                                                                                                                                                                          • Instruction Fuzzy Hash: DCE1C631A4EA8296EB60CB55E4443BEB7A1FB847C4F144131EA8D4BB98DF3CD585C724
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_zalloc
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$gfffffff$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                          • API String ID: 2237658545-598456477
                                                                                                                                                                                          • Opcode ID: b22d729487809d557a3d33063db97eaab8ac1ca793ce9e3dc5a18c44bfa7e4ca
                                                                                                                                                                                          • Instruction ID: 5b8dfec4d3ce4e3feb7e80405df2845d048d76aaad135b83bc484aad0913ac5e
                                                                                                                                                                                          • Opcode Fuzzy Hash: b22d729487809d557a3d33063db97eaab8ac1ca793ce9e3dc5a18c44bfa7e4ca
                                                                                                                                                                                          • Instruction Fuzzy Hash: F4C14532A4AB8992EB608B46F4407BA77A0FB84BC4F144136CEAD47B94CF3DD491C719
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EVP_PKEY_get0_RSA.LIBCRYPTO-1_1(?,?,?,?,00007FF8A87706EA), ref: 00007FF8A876EFB7
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Y_get0_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                          • API String ID: 2256133966-348624464
                                                                                                                                                                                          • Opcode ID: 8fd71ec65a6dfdb4e59a58c5261a0906fa3b1b7508e60a72f15b55f1af989665
                                                                                                                                                                                          • Instruction ID: 11eb79a1e999de87a10b719ea682654a5b9fad13ca8c6786c6c8043355adab19
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fd71ec65a6dfdb4e59a58c5261a0906fa3b1b7508e60a72f15b55f1af989665
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EA1533271E6819AE7248B21E8107BE7BA0FB857C4F404634EA8D8BB86DF3CD545CB14
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$y
                                                                                                                                                                                          • API String ID: 2011826501-250535175
                                                                                                                                                                                          • Opcode ID: 02ea46a341b3ac752227e9fe15433ed3a83cb194abfae2c8fb4ef930d3aee8c3
                                                                                                                                                                                          • Instruction ID: ddf213e621504c393724f85a40ed0afd7c0775319775469f81c83352fe6b146c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 02ea46a341b3ac752227e9fe15433ed3a83cb194abfae2c8fb4ef930d3aee8c3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9561CE32E8B682A5F7609B16D4947BD26A0EB80BC4F184131DE8C4BBD5CF3CE441CB68
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $ $..\s\ssl\t1_enc.c$key expansion
                                                                                                                                                                                          • API String ID: 0-2405982772
                                                                                                                                                                                          • Opcode ID: 00e4ceef71d3f967ad82ad07f975e0ef309b05b5ddf9f8cc28cdfed3fcec350b
                                                                                                                                                                                          • Instruction ID: ead6331e8afbbf8b52cff431cfa0511cfec641cc2881f142eecd6e79d7498c09
                                                                                                                                                                                          • Opcode Fuzzy Hash: 00e4ceef71d3f967ad82ad07f975e0ef309b05b5ddf9f8cc28cdfed3fcec350b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F716B3264AB81A6EBA4CF15E4803EDB7A4F788B94F044136DB8D07B54CF38D5A9CB14
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 0-3574010447
                                                                                                                                                                                          • Opcode ID: fd165d01d434ba55c1cb6715ec2c4d638b8887a1889ac74a023fd1009967e8b0
                                                                                                                                                                                          • Instruction ID: 633f7e2d4b23b51f97478aad6bbd440c74ade48312a12591289be20abc4aa8fa
                                                                                                                                                                                          • Opcode Fuzzy Hash: fd165d01d434ba55c1cb6715ec2c4d638b8887a1889ac74a023fd1009967e8b0
                                                                                                                                                                                          • Instruction Fuzzy Hash: B851C332B4AA81A5F7609B11E4407BE7760F788BC8F544131EA9D07BA4DF3CD595CB24
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: F_parse_listO_freeR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                          • API String ID: 3984800049-1643863364
                                                                                                                                                                                          • Opcode ID: 3e61863d7fb49f107a188f56dd70355b02bffbf8f4dc67c9efcef499e17c5dbe
                                                                                                                                                                                          • Instruction ID: 9180c8682d07aac19bcc47246f9644e915e6cde71f9728c9a9aa6bc501ba2968
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e61863d7fb49f107a188f56dd70355b02bffbf8f4dc67c9efcef499e17c5dbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: 08416D32A4BA52A6E7A0CB11D840BB973A0FB58BC4F454139D98D07B98DF7CE545CB28
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$X_free$memcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                          • API String ID: 1711549817-3140652063
                                                                                                                                                                                          • Opcode ID: 8858f249ca6f69a65f0d607540f2cb391f0198a4bd9761290ca33ba841402d27
                                                                                                                                                                                          • Instruction ID: 562e9f8e1c7f5327f92260c928bf6d31d7602c99f5c3967cc06a2c1ca6b41faf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8858f249ca6f69a65f0d607540f2cb391f0198a4bd9761290ca33ba841402d27
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E41AC22A4AA4291EB54EF66E4553B92361EF84FC4F044031DE8D4B796DF3CD882C328
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$O_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                          • API String ID: 2767441526-3973221358
                                                                                                                                                                                          • Opcode ID: f215baa7073ca4f4fb2e75baa64611919c353d9e5cba702df3a41c334ae1fba1
                                                                                                                                                                                          • Instruction ID: a713857460b349f649bae433ca48089076d0d65cce45f811f3a415c2f376687b
                                                                                                                                                                                          • Opcode Fuzzy Hash: f215baa7073ca4f4fb2e75baa64611919c353d9e5cba702df3a41c334ae1fba1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 51316D3674EB81A1EB10DB16E8406AA73A0FB89BD0F444135DE8D47B65EF7CD1508718
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$B
                                                                                                                                                                                          • API String ID: 3411496311-1824687510
                                                                                                                                                                                          • Opcode ID: f5b4160db7fb2a49903338376766cfb787b54cabaa19fe5d13ea93a546565ea9
                                                                                                                                                                                          • Instruction ID: 0b82f6c38687a67ae59fe0a93a64d34fc1d9cf61c444b2d150efd3e7420bc3c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: f5b4160db7fb2a49903338376766cfb787b54cabaa19fe5d13ea93a546565ea9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F118B71A8B742A6E711DF20E4003E937A1FF84788F844535CA4C0A396EF7CE695CB28
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                          • API String ID: 0-1839494539
                                                                                                                                                                                          • Opcode ID: 2b381683268a77f2856527c629260568b443d877ed8306b885aca1c1d2dadc3e
                                                                                                                                                                                          • Instruction ID: 50e6e05764ff077eecf5c4b04036c3e8d5935d5819c6e8bb50db09ace00ff2b3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b381683268a77f2856527c629260568b443d877ed8306b885aca1c1d2dadc3e
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE51583670AB81A6EB94CB25E4803A977A0FB88BD4F544132DB8C47764EF38D1A5CB14
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                          • API String ID: 2718799170-1717309047
                                                                                                                                                                                          • Opcode ID: 8e154372d9579edd06fa87ef2637298999779d031245173bad8de20e3a265e24
                                                                                                                                                                                          • Instruction ID: c1f29df3c23f13af4a1d1ec3f289dd5a105bfa1d5b4f132f7d34f864d098a274
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e154372d9579edd06fa87ef2637298999779d031245173bad8de20e3a265e24
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD51CF72B4AB4591EF14CF29D540368A3A2EB58BE8F208235CA6C07BE8EF3CD455C354
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_read_lockD_unlock$memset
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                          • API String ID: 1035704990-2868363209
                                                                                                                                                                                          • Opcode ID: 213f6c514b44790e30a162bb42aa48313e4cf5b3731d69adda2230f7cb7e54d1
                                                                                                                                                                                          • Instruction ID: 87e326739cc958621fbb111fdad50cdcc4d487c00206792f6d8ab29b140ef164
                                                                                                                                                                                          • Opcode Fuzzy Hash: 213f6c514b44790e30a162bb42aa48313e4cf5b3731d69adda2230f7cb7e54d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F41B132B4AA81A6E754CB55E8447ED63A0FB88BC8F080131EB4D4BB95DF3DD592CB14
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_clear_free$N_bn2binN_num_bitsO_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          • API String ID: 49705458-1778748169
                                                                                                                                                                                          • Opcode ID: 3458508ad74e6a9c5ddb4e1bc822bba62e66597da02ef1c87795de70b82e1931
                                                                                                                                                                                          • Instruction ID: a9271bee49fe8b0221612373e0a993b19d2126e87bddaea54feff97ac24b2dd3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3458508ad74e6a9c5ddb4e1bc822bba62e66597da02ef1c87795de70b82e1931
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5318126A4F74291EB50EB2294012B96791FF88FD8F084035EE8C4BB99DF3CE541C768
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$O_freeO_strdup
                                                                                                                                                                                          • String ID: $..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 3510034342-2670486660
                                                                                                                                                                                          • Opcode ID: 60b292991f2e6b7ef5fbd0a7f0de2b987e162dfc2b4a1a0d189aba64dfdd7646
                                                                                                                                                                                          • Instruction ID: 085eddacf41c5b3cbc42d6bb4696180e5f961fda1864ce516403aca82fcf7690
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60b292991f2e6b7ef5fbd0a7f0de2b987e162dfc2b4a1a0d189aba64dfdd7646
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E212431B6B54266FB259B24E45077C32D0FF007C8F54043ADA4D46A86EF3CE6818728
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                          • Opcode ID: cad228a1b109db095b319e36ede78fe50c19ccca394e0b220c76b63737845c3c
                                                                                                                                                                                          • Instruction ID: 5f96cf38b53aae28b44b54707753dd900dba180ec32fdb5a9bce20f0fd62b701
                                                                                                                                                                                          • Opcode Fuzzy Hash: cad228a1b109db095b319e36ede78fe50c19ccca394e0b220c76b63737845c3c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B31C333B1A28192EF89DB65D9A1BFD62A2FB88BC4F005134DE4D47B91DF68A410C715
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 4042585043-592572767
                                                                                                                                                                                          • Opcode ID: 77f09486588cfa54c45d4d7499db293d983741bf977e107540237cc9d7ae8e20
                                                                                                                                                                                          • Instruction ID: 72298559073dead1654f2da5c23f142ff113fa9e8f3e0d82e5b5ffea24b58409
                                                                                                                                                                                          • Opcode Fuzzy Hash: 77f09486588cfa54c45d4d7499db293d983741bf977e107540237cc9d7ae8e20
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6771C331B8A642A6F6609B56E4403BAA7A1FB85BC0F084035EE8D07B95DF3CD545DB28
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$O_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3545228654-102051108
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 4042585043-592572767
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_bn2binN_num_bitsO_freeO_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 487688590-1507966698
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                          • API String ID: 1247630535-349359282
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$L_sk_pop_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                          • API String ID: 1650471521-1527728938
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                          • API String ID: 2160744234-1643863364
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                          • String ID: %02x$..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1457121658-1214724818
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_memdup$O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                          • API String ID: 2280451731-348624464
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc$O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                          • API String ID: 2640950527-837614940
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CRYPTO_realloc.LIBCRYPTO-1_1(?,?,?,00007FF8A874ED8A,?,?,?,00007FF8A874E84E), ref: 00007FF8A874EB85
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_realloc
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                          • API String ID: 3931833713-171970420
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-3574010447
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-3574010447
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeY_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 1826982404-1507966698
                                                                                                                                                                                          • Opcode ID: 41dded0ee1671f73fd930d32ee02b6d0fda7d9168bf0cd49d3a136534c904316
                                                                                                                                                                                          • Instruction ID: ea125fac7052b33e6b2f1e99cb50f22f4f3765b308d3f2267483ceee10621e48
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41dded0ee1671f73fd930d32ee02b6d0fda7d9168bf0cd49d3a136534c904316
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8931B53164E68296EB24DF11E4406ADBB51FB88BC4F040134EE8C17F55DF7CE2468B29
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 2160744234-1080266419
                                                                                                                                                                                          • Opcode ID: 205947dd9d00332af5316d61340bed4d183e53cc2001715f3ac9530677b37328
                                                                                                                                                                                          • Instruction ID: 17fb02f17af4560b7e832b42af51ec1256f28b5096cb03c3b9793a38a98be1d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 205947dd9d00332af5316d61340bed4d183e53cc2001715f3ac9530677b37328
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3831DB32B4BB4192EB90CF45D4442B863A1FB44BC4F998431DA4D47BA4DF3EE582D718
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$X_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 306345296-1507966698
                                                                                                                                                                                          • Opcode ID: 2853cef346287139e6258ed757a523e10d4385730c7c8a897cda4547f5d0c931
                                                                                                                                                                                          • Instruction ID: b8578faf4cefd44e05a45af8d5162feb8c8805756ef3f0a148b7d608c6bb6f20
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2853cef346287139e6258ed757a523e10d4385730c7c8a897cda4547f5d0c931
                                                                                                                                                                                          • Instruction Fuzzy Hash: AF31D03270968192E7649B12E5003AAA3A5FB89BC0F044135EFCC4BF86CF3DE552CB18
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                          • API String ID: 2718799170-1717309047
                                                                                                                                                                                          • Opcode ID: eff02652ad15797b469cfb7daf1f46a3ce03e86826f86970131a0a7076143f53
                                                                                                                                                                                          • Instruction ID: d2b032f3ff3d390e09f2c74fc8b3ea4a36c89b185a4533292bb4bfba3f5a5aa1
                                                                                                                                                                                          • Opcode Fuzzy Hash: eff02652ad15797b469cfb7daf1f46a3ce03e86826f86970131a0a7076143f53
                                                                                                                                                                                          • Instruction Fuzzy Hash: FA213632A1EB42A5EB14CB11D4013A973A5FB047D0F504234D66C47BE1EF7DDA4AC768
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_mallocmemcpy
                                                                                                                                                                                          • String ID: -$..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                          • API String ID: 1834057931-2154746619
                                                                                                                                                                                          • Opcode ID: 22acb04d894ddeae20fcb9948c2a0cd56429033462bab073a80b87f4ed32b332
                                                                                                                                                                                          • Instruction ID: 5c1a1dacbac93c17bfd97870be58692963d9f5adc77e38fb921b6c87cf772ab2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 22acb04d894ddeae20fcb9948c2a0cd56429033462bab073a80b87f4ed32b332
                                                                                                                                                                                          • Instruction Fuzzy Hash: C8217122A19B81A6E650CF12E4042A9B720F798BC4F459235EF8C17B66DF38E2D5C704
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                          • API String ID: 2718799170-1717309047
                                                                                                                                                                                          • Opcode ID: e5a2cdc41ec90c580c07a578ba4c76683c16f6a8104d0e368a94bb5b754420c7
                                                                                                                                                                                          • Instruction ID: 051be3d794f64ac68451f96b2331404c80d784e6506f5711132fa5da80f7cd8b
                                                                                                                                                                                          • Opcode Fuzzy Hash: e5a2cdc41ec90c580c07a578ba4c76683c16f6a8104d0e368a94bb5b754420c7
                                                                                                                                                                                          • Instruction Fuzzy Hash: E001923260AB0196D711CF19E44019873A1FB047E8FA44235D7AC07BE5EF39D995C714
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strdupR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 626504629-4238427508
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                          • String ID: +$..\s\ssl\pqueue.c
                                                                                                                                                                                          • API String ID: 2718799170-3697747608
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$Y_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 3642664693-1080266419
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2272600717-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                          • API String ID: 2609694610-837614940
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_mallocmemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 2350084802-592572767
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 2581946324-1507966698
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$4
                                                                                                                                                                                          • API String ID: 2011826501-211860627
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$F
                                                                                                                                                                                          • API String ID: 1457121658-4203526889
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 2148955802-4238427508
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                          • API String ID: 2148955802-1527728938
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 3962629258-4238427508
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                          • API String ID: 3962629258-2868363209
                                                                                                                                                                                          • Opcode ID: 1836bb05a4f62116483b270b8fe70ac1791ed0b9384182d7233336a295cb44e9
                                                                                                                                                                                          • Instruction ID: 7ef8d7ddbc53ac8e8f2c26f2d76f14f73b91eec177873e0dd57e75d95cc8352a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1836bb05a4f62116483b270b8fe70ac1791ed0b9384182d7233336a295cb44e9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 66110021B1BB81A2E7918B51F5447A873A0EB08FD4F080130EE9C0BB99DF3CD2C18324
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_mallocP_expand_block
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                          • API String ID: 3543690440-2721125279
                                                                                                                                                                                          • Opcode ID: 08f26bc5cef2c74bc437e48d09897db956cf6b275f9dbeb6f4336e90eee26c23
                                                                                                                                                                                          • Instruction ID: 998f7eb2415faff17c520e6618e6e44fe414aeb4dfde424fca65f3bdb90fd263
                                                                                                                                                                                          • Opcode Fuzzy Hash: 08f26bc5cef2c74bc437e48d09897db956cf6b275f9dbeb6f4336e90eee26c23
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF01D866B1AB4192EB408F21E40026963A4FB4CFC8F148034EF4C4B7A9EF3CD4908714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-1218263599
                                                                                                                                                                                          • Opcode ID: 82cc0c290bd63d22a3bb1b67c53c11106551047646f95201d2823dbe769c54a3
                                                                                                                                                                                          • Instruction ID: 309f1c9fd05c4f63154d7f12189368c2e349fde9480563d9d9751d553d6d5618
                                                                                                                                                                                          • Opcode Fuzzy Hash: 82cc0c290bd63d22a3bb1b67c53c11106551047646f95201d2823dbe769c54a3
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1011A3271BB9291EB508F12E8802997364EB99BC0F089031EECC47B55DF3CD5508714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-1218263599
                                                                                                                                                                                          • Opcode ID: eeb5d4d8649d2da17d62270f6c599bd3ca5c6421b882ea7982d3a08df20dd110
                                                                                                                                                                                          • Instruction ID: d666ec90ef284bfad92c4dbd8173f6ee79b87a8fe48cb8c1652600cbbd823a10
                                                                                                                                                                                          • Opcode Fuzzy Hash: eeb5d4d8649d2da17d62270f6c599bd3ca5c6421b882ea7982d3a08df20dd110
                                                                                                                                                                                          • Instruction Fuzzy Hash: ED011632B1BB9291EB508F12E8802A973A4EB99BC0F488031EE9C87B55DF3CD5608714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-1218263599
                                                                                                                                                                                          • Opcode ID: 8d5aab214fd404bef3fc709da8b0426a893f35599c19c384ca151d23c2458978
                                                                                                                                                                                          • Instruction ID: c2089d573d7d7e77219389e6cb937657d746e610fe78e8e60a3229e5ec87520d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d5aab214fd404bef3fc709da8b0426a893f35599c19c384ca151d23c2458978
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9012836B1BB9291EB50CF12E88069A73A4EB99BC0F089031EE8C87B55DF3CD560C714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 3962629258-1218263599
                                                                                                                                                                                          • Opcode ID: 690931dd4660a8e1c3abbbbf885b13e2506281f35b338e317031ea349117d685
                                                                                                                                                                                          • Instruction ID: 6f5257671d486bcf169a49b1c6758368a28b24a5c6134716eca5c03b6c65fedf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 690931dd4660a8e1c3abbbbf885b13e2506281f35b338e317031ea349117d685
                                                                                                                                                                                          • Instruction Fuzzy Hash: 96011632B1BB9291EB508F12E88069973A4EB99BC0F088031EE8C87B59DF3CD5608714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                          • API String ID: 2148955802-2868363209
                                                                                                                                                                                          • Opcode ID: 178e9497fad3f2a4ff0ef21f609f41b639233a161d0df03aafb23d5c47e84525
                                                                                                                                                                                          • Instruction ID: fcef412af5256cd9808dd7bd4aca9295b2058a440f86f34a51b81953d9b32000
                                                                                                                                                                                          • Opcode Fuzzy Hash: 178e9497fad3f2a4ff0ef21f609f41b639233a161d0df03aafb23d5c47e84525
                                                                                                                                                                                          • Instruction Fuzzy Hash: 52F04C22B9EA4291EB45CB16EA807FC2391EF48BC0F0C8031DD5C47B59EF2CD2918714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\pqueue.c
                                                                                                                                                                                          • API String ID: 2513334388-354262084
                                                                                                                                                                                          • Opcode ID: 7f5c6d1fc43aa2d2bbb5b36b69cdf226d291e47c092f4a89c86f37d36a983452
                                                                                                                                                                                          • Instruction ID: e6385508644562eecbf528942f7f9941e43af4d788e3678236f9dddb8d0a5810
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f5c6d1fc43aa2d2bbb5b36b69cdf226d291e47c092f4a89c86f37d36a983452
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9016D36B0AA4196DB41CB15E5447A973A1FB48BC4F544036DB5C03BA5EF38D658CB14
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                          • API String ID: 2581946324-1165805907
                                                                                                                                                                                          • Opcode ID: e3141c5992fd8e8eab726a4de85d7e3daf78a5c6a36883fed29ca62df062fa42
                                                                                                                                                                                          • Instruction ID: ed70dd63bcd383345b889c17aeafa563b9a9db0962e110929c0c6f2c1d4a2494
                                                                                                                                                                                          • Opcode Fuzzy Hash: e3141c5992fd8e8eab726a4de85d7e3daf78a5c6a36883fed29ca62df062fa42
                                                                                                                                                                                          • Instruction Fuzzy Hash: 74017132B09B81A5DB81DF19D4807A873A8FB85FC4F188132DE5C0B7A5CF34C5858310
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                          • API String ID: 2641571835-3659835543
                                                                                                                                                                                          • Opcode ID: 43273745b5347fdd41e96acaf56ae468701052affd1fd60802e98f95bb950175
                                                                                                                                                                                          • Instruction ID: 10f14faa9a6a20e08936811d22ad021cd8490bb1ec9447e1a8e16c09fb4fd4f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43273745b5347fdd41e96acaf56ae468701052affd1fd60802e98f95bb950175
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95F09032B0AB42A1EB519B56F6407B863A0EF58BD4F084032EE5C57B95EF7CD4A08724
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 2641571835-1218263599
                                                                                                                                                                                          • Opcode ID: 4443a19ce801fa2f38ee564212dfacdf1dad8c59d96f0d6752c382a5dd0d0d13
                                                                                                                                                                                          • Instruction ID: 99b5f53e5fe7b15abe0f1bb0932ea9f56b14aa90e1246486c0dfc9ebc3034da2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4443a19ce801fa2f38ee564212dfacdf1dad8c59d96f0d6752c382a5dd0d0d13
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F03036B4BE42A5EB44AB15E8916E87320EF4DFD4F448036EA0C877A6DF2CD561C714
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 2641571835-1218263599
                                                                                                                                                                                          • Opcode ID: 64ab56c54da3a3f0f0f2b16151768cc2328846c4935f2feb436605d04a5d6344
                                                                                                                                                                                          • Instruction ID: 99b5f53e5fe7b15abe0f1bb0932ea9f56b14aa90e1246486c0dfc9ebc3034da2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 64ab56c54da3a3f0f0f2b16151768cc2328846c4935f2feb436605d04a5d6344
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F03036B4BE42A5EB44AB15E8916E87320EF4DFD4F448036EA0C877A6DF2CD561C714
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                          • String ID: c:\a\6\s\ssl\packet_locl.h
                                                                                                                                                                                          • API String ID: 2641571835-1218263599
                                                                                                                                                                                          • Opcode ID: 43847e487971f886af575f9619a387cd3ec89e43bb4a790e5bca43ea5b60f1dc
                                                                                                                                                                                          • Instruction ID: 99b5f53e5fe7b15abe0f1bb0932ea9f56b14aa90e1246486c0dfc9ebc3034da2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43847e487971f886af575f9619a387cd3ec89e43bb4a790e5bca43ea5b60f1dc
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F03036B4BE42A5EB44AB15E8916E87320EF4DFD4F448036EA0C877A6DF2CD561C714
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_unlockH_deleteH_retrieve
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1793884636-0
                                                                                                                                                                                          • Opcode ID: 20047998944a814fbcf33cb3746300f07edaca980de84f25069ef87140b737f9
                                                                                                                                                                                          • Instruction ID: dbf31f4fe87a6d05baf61200a67bcc4e74434acb727cb4205019f0e1e9686273
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20047998944a814fbcf33cb3746300f07edaca980de84f25069ef87140b737f9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5721C321B6FB8295EB54DB56940067D92A1EF88FC0F084031EE1D4BB86DF3DD8018B24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_set_down_load
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3243170206-0
                                                                                                                                                                                          • Opcode ID: 7c46cc46120e4e0be1e095f47cc15411eab864c593159186eb6ea1fd04625f82
                                                                                                                                                                                          • Instruction ID: a0de56bc2f3071a0347c2bc290583d432002ca4cf057dde61412a94745948707
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c46cc46120e4e0be1e095f47cc15411eab864c593159186eb6ea1fd04625f82
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C012122B5AB81A2DA10DB56E48116D6360FFCCBD4F544131FA4D47B56DF3CE521C718
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,00007FF8A8760C33), ref: 00007FF8A876121D
                                                                                                                                                                                            • Part of subcall function 00007FF8A87607E0: CRYPTO_malloc.LIBCRYPTO-1_1(?,00007FF8A875FE43), ref: 00007FF8A876081B
                                                                                                                                                                                            • Part of subcall function 00007FF8A87607E0: ERR_put_error.LIBCRYPTO-1_1(?,00007FF8A875FE43), ref: 00007FF8A8760843
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                          • API String ID: 2160744234-3140652063
                                                                                                                                                                                          • Opcode ID: 2eb6a37a8a4d1b55963d2e3916000a6b0ef3e239bda2c0f93615a071388ee1c7
                                                                                                                                                                                          • Instruction ID: dd5dfed45e40b9b3da7dc8fdc526e98f3a24d22ea6fff40537e4b003a921e580
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2eb6a37a8a4d1b55963d2e3916000a6b0ef3e239bda2c0f93615a071388ee1c7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AA1DF73A0AAC696EB21CB25D4442B977A0FB95BC4F044231DB8D47B96EF3DE094C724
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 1457121658-1507966698
                                                                                                                                                                                          • Opcode ID: d673e230224418802c9ee0fc61558f4de0820fc47b1c53415483aca9a2f3c3fb
                                                                                                                                                                                          • Instruction ID: 0ce8f22bbcc50b416ccbb3fa369930560d96b834a45cae7e7b9736addb3d18cd
                                                                                                                                                                                          • Opcode Fuzzy Hash: d673e230224418802c9ee0fc61558f4de0820fc47b1c53415483aca9a2f3c3fb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E310532B4A7819AE7149B11F4007ADB7A0FB85BD4F484230EA9C47B95DF3CD291D719
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 1457121658-1507966698
                                                                                                                                                                                          • Opcode ID: f553896e5aa0eb456cef5d22f9417dab30b1f450b8d9af471c01d76deb3453b2
                                                                                                                                                                                          • Instruction ID: 44cd76eda1a1efb8641e4188da0f8a1e4e66e5f328f2b2c61530b5200f71aa00
                                                                                                                                                                                          • Opcode Fuzzy Hash: f553896e5aa0eb456cef5d22f9417dab30b1f450b8d9af471c01d76deb3453b2
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD312932B4EA4695E724CF11E9006BDBB91DB81BD8F449231DAAD0B7C5DF3CD2518314
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 2581946324-592572767
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                          • API String ID: 2581946324-1434567093
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_strdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 1296259186-592572767
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                          • API String ID: 2581946324-837614940
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                          • API String ID: 2581946324-1434567093
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
• Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_run_once
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoadfree
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$D_sizeL_cleanseX_new$X_reset
                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$L_sk_num$R_put_error$L_sk_value$E_add_certL_sk_pop_freeX509_free$E_freeE_newR_add_error_dataR_clear_errorX509_get_extension_flagsX509_verify_certX509_verify_cert_error_stringX_freeX_get1_chainX_get_errorX_initX_newX_set_flags
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$Verify error:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741BF6
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741C1B
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741C29
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741C4E
                                                                                                                                                                                          • X509_get_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741C62
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741CB1
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741CD7
                                                                                                                                                                                          • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741CEE
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D1A
                                                                                                                                                                                          • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D36
                                                                                                                                                                                          • EVP_PKEY_id.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D3E
                                                                                                                                                                                          • EVP_PKEY_get0_RSA.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D4B
                                                                                                                                                                                          • RSA_flags.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D53
                                                                                                                                                                                          • EVP_PKEY_cmp.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D66
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741D93
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741DE7
                                                                                                                                                                                          • X509_chain_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741DF9
                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741E23
                                                                                                                                                                                          • OPENSSL_sk_pop_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741E45
                                                                                                                                                                                          • X509_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741E71
                                                                                                                                                                                          • X509_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741E79
                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741EA0
                                                                                                                                                                                          • EVP_PKEY_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741EA8
                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8A873FDEA), ref: 00007FF8A8741EEC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$L_sk_numY_free$A_flagsL_sk_pop_freeL_sk_valueX509_chain_up_refX509_freeX509_get_pubkeyX509_up_refY_cmpY_copy_parametersY_get0_Y_idY_missing_parametersY_up_ref
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$fclose$freadfreemallocstrcpystrtok
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _wputenv_s.MSVCRT ref: 00007FF7279C72A1
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C72AC
                                                                                                                                                                                          • GetTempPathW.KERNEL32 ref: 00007FF7279C72D0
                                                                                                                                                                                          • _getpid.MSVCRT(?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C72D6
                                                                                                                                                                                          • _wtempnam.MSVCRT ref: 00007FF7279C72FF
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C7314
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C733E
                                                                                                                                                                                            • Part of subcall function 00007FF7279C6FC0: GetEnvironmentVariableW.KERNEL32 ref: 00007FF7279C6FEC
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7279C712B
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: free.MSVCRT ref: 00007FF7279C7136
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: _wfullpath.MSVCRT ref: 00007FF7279C715E
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C718D
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcsncpy.MSVCRT ref: 00007FF7279C71BB
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71C5
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71D0
                                                                                                                                                                                            • Part of subcall function 00007FF7279C70F0: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71E2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$CreateDirectoryEnvironmentwcschr$ExpandPathStringsTempVariable_getpid_wfullpath_wputenv_s_wtempnamwcsncpy
                                                                                                                                                                                          • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                          • API String ID: 2180377646-1116378104
                                                                                                                                                                                          • Opcode ID: 94fe1ad771baa5ef8019be0b7e7c237268cd57d88db17e4b7894634381b77bfa
                                                                                                                                                                                          • Instruction ID: 3f167e377c9d13230ff7394a7c8785ba4b9c3b04c2c175f95785c538aa7d00de
                                                                                                                                                                                          • Opcode Fuzzy Hash: 94fe1ad771baa5ef8019be0b7e7c237268cd57d88db17e4b7894634381b77bfa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29416E21E0971300FD65B7226F1A6B9D251EF4BB90FC44439EC8E47792ED3EE4068E60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$E_free$E_dupH_freeH_retrieveL_sk_new_nullL_sk_pop_freeL_sk_pushM_read_bio_O_ctrlO_freeR_clear_errorR_put_errorX509X509_freeX509_get_subject_name
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                          • API String ID: 1315476032-349359282
                                                                                                                                                                                          • Opcode ID: 00e58a32cfc21ac5b3b35e8b5e0e928215f7a2bcebd13ad3ffba05c767f12916
                                                                                                                                                                                          • Instruction ID: 919e2b95c63c0972d29365e6372153c309d1e2023ea15d9d0ad77257f551d455
                                                                                                                                                                                          • Opcode Fuzzy Hash: 00e58a32cfc21ac5b3b35e8b5e0e928215f7a2bcebd13ad3ffba05c767f12916
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60419D21A8F64369FB51AB2694117B99291EF8ABC4F084034ED0D0BB96EF7CE401C768
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fileno_get_osfhandlesignal$Process$ByteCharCodeCommandCreateExitInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                          • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                          • API String ID: 979768843-3524285272
                                                                                                                                                                                          • Opcode ID: a020942c2306175fc575b3dcbcf1fbee665c5cf4ceceac576c63f8daeeef939e
                                                                                                                                                                                          • Instruction ID: 66a78311a3bc378e12b8f55b2b99ef8571738cf860f4832e287bdb3faeeea44f
                                                                                                                                                                                          • Opcode Fuzzy Hash: a020942c2306175fc575b3dcbcf1fbee665c5cf4ceceac576c63f8daeeef939e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E418131A0878346EB20BB60F9593EAA350EB86794F804139DACD077DADF7DD0468F50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$X_free$L_sk_numL_sk_valueR_clear_errorX509_verify_certX_get0_chainX_initX_new
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                          • API String ID: 763122443-2839845709
                                                                                                                                                                                          • Opcode ID: 075e843ef75536d1c9cd74613c60976b59a86466f3289857b931039d86a0a7d4
                                                                                                                                                                                          • Instruction ID: 0d0298697d93d2b53c827796617a3e3d91b016f07803cb857669b5ca3433da64
                                                                                                                                                                                          • Opcode Fuzzy Hash: 075e843ef75536d1c9cd74613c60976b59a86466f3289857b931039d86a0a7d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: F851C660B8F68261FB61AA2258507BE6680EF85FC4F184034ED4D47BD2DF2CE542C72C
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                          • API String ID: 1339360106-2855260032
                                                                                                                                                                                          • Opcode ID: 58d671a6e91dc78ac1c18a5b40ca2ceb27d8dc716d7c7e1205937086c6fd2c2d
                                                                                                                                                                                          • Instruction ID: cee7c9beb727f8532adb8296b532de90869bf1789db8750a3b645469cb6641a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 58d671a6e91dc78ac1c18a5b40ca2ceb27d8dc716d7c7e1205937086c6fd2c2d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C31873160874346E7206B11BE44BAAA361FB86BA5F944235EDAD47BD4DF7CE406CF10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1093732947-0
                                                                                                                                                                                          • Opcode ID: 2a51c938111ea60062d7b1cb864948144121cb3a040835f96f830c8addd3cd22
                                                                                                                                                                                          • Instruction ID: 0d8c0633e0ae7f993693c56ba51a2f37c4cd722633daaaf178aca09c5e55dc6c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a51c938111ea60062d7b1cb864948144121cb3a040835f96f830c8addd3cd22
                                                                                                                                                                                          • Instruction Fuzzy Hash: 97A12C66B04B1688EF00ABA6DD452BC63B4FB0AB98F804539DE9D17799DF3CD4028720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strncmp.MSVCRT ref: 00007FF7279C506F
                                                                                                                                                                                          • mbstowcs.MSVCRT(00000000,C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al,C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682,?,?,?,_MEIPASS2,00007FF7279C56C4), ref: 00007FF7279C509F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al, xrefs: 00007FF7279C4FBD
                                                                                                                                                                                          • _MEIPASS2, xrefs: 00007FF7279C4FB0
                                                                                                                                                                                          • Failed to convert Wflag %s using mbstowcs (invalid multibyte string), xrefs: 00007FF7279C51B9
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682, xrefs: 00007FF7279C4FBC
                                                                                                                                                                                          • pyi-, xrefs: 00007FF7279C503C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: mbstowcsstrncmp
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al$C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682$Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$_MEIPASS2$pyi-
                                                                                                                                                                                          • API String ID: 1807066385-508210904
                                                                                                                                                                                          • Opcode ID: d67b039c012a96123b6d05d4575c6612e2422332ccb31e287ed74e3bea63ed2c
                                                                                                                                                                                          • Instruction ID: 61838770e1afc0f29ec323ad58141bf36f23324b0e8d770c252c9b112d4fa32e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d67b039c012a96123b6d05d4575c6612e2422332ccb31e287ed74e3bea63ed2c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 40513B21A0875785FF14BB26DE44379A261EB8AB80FD4413ACD8D47396EE3DE4438B60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_ctrl$R_put_errorX_free
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c$5$7
                                                                                                                                                                                          • API String ID: 250720567-3625921376
                                                                                                                                                                                          • Opcode ID: 3ae972235292024a7fc3ead35476b7aa594fbede8c3ce86f09c99634b3f02422
                                                                                                                                                                                          • Instruction ID: cacb97867e013825b5d5ae0e09b4b4587ba5e9a62e6fe9f42ec6f6dde20f69a3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ae972235292024a7fc3ead35476b7aa594fbede8c3ce86f09c99634b3f02422
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A616531B4A78196F730EA25A40076A7691FB88BD4F144234EE9C47BD9DF7CE541CB18
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C3140: strcpy.MSVCRT(?,?,_MEIPASS2,?,00007FF7279C362C), ref: 00007FF7279C3183
                                                                                                                                                                                          • strcmp.MSVCRT ref: 00007FF7279C333C
                                                                                                                                                                                          • strcmp.MSVCRT ref: 00007FF7279C335F
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fread.MSVCRT ref: 00007FF7279C7891
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: ferror.MSVCRT ref: 00007FF7279C78A1
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: clearerr.MSVCRT(?,00000000,?,00007FF7279C3267,?,00000000,?,00000000,?,?,_MEIPASS2,?,00007FF7279C362C), ref: 00007FF7279C78AD
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fclose.MSVCRT ref: 00007FF7279C78E9
                                                                                                                                                                                            • Part of subcall function 00007FF7279C7820: fclose.MSVCRT ref: 00007FF7279C78F1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclosestrcmp$clearerrferrorfreadstrcpy
                                                                                                                                                                                          • String ID: %s%s%s$%s%s%s%s%s$%s%s%s%s%s%s%s$%s%s%s.exe$%s%s%s.pkg$Archive not found: %s$Archive path exceeds PATH_MAX$Error copying %s$Error extracting %s$Error opening archive %s$_MEIPASS2$malloc
                                                                                                                                                                                          • API String ID: 2929065527-1083822304
                                                                                                                                                                                          • Opcode ID: 741e55ce118e4f4b39332912ba0c36f1228ecd4a9ab640ae4312d50bc1259a36
                                                                                                                                                                                          • Instruction ID: 54c29eb847c65aad61953d9d733948475ed05a14720a8a9c084ce468acf5afcd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 741e55ce118e4f4b39332912ba0c36f1228ecd4a9ab640ae4312d50bc1259a36
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B814021A08B4391FE10BB21AE441FAA264EF4ABD4FC44135ED8D476D6DE3CE5478F29
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7279C712B
                                                                                                                                                                                          • free.MSVCRT ref: 00007FF7279C7136
                                                                                                                                                                                          • _wfullpath.MSVCRT ref: 00007FF7279C715E
                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C718D
                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 00007FF7279C71BB
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71C5
                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71D0
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7279C728B,?,?,?,00000000,?,00000012,00000000,00000000,00007FF7279C744B), ref: 00007FF7279C71E2
                                                                                                                                                                                          • _wcsdup.MSVCRT ref: 00007FF7279C71FB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7279C7210
                                                                                                                                                                                          • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7279C7230
                                                                                                                                                                                          • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7279C7240
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID: CreateDirectorywcschr$ByteCharEnvironmentExpandMultiStringsWide_wcsdup_wfullpathfreewcslenwcsncpy
• String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
Memory Dump Source
• Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
Similarity
• API ID: Digest$SignY_new_raw_private_key$FinalInitL_cleanseUpdateX_freeX_newY_free
• String ID: ..\s\ssl\tls13_enc.c$finished
Memory Dump Source
• Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID: free$setlocale$_strdupcalloc
• String ID: Fatal error: unable to decode the command line argument #%i$out of memory
Memory Dump Source
• Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID: free$_wcsdup$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
• String ID: Unhandled exception in script
Memory Dump Source
• Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
Similarity
• API ID: O_ctrlO_free_allO_int_ctrlO_method_typeO_newO_popO_pushO_s_socketO_up_refR_put_error
• String ID: ..\s\ssl\ssl_lib.c
Memory Dump Source
• Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
Similarity
• API ID: strlenstrncpy$callocfreememcpy
• String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                          • Opcode ID: 5dbbb4ed8760b42e029378dd70d8568cfa1b2ea7843fc2a207ab38807a893700
                                                                                                                                                                                          • Instruction ID: e233c3c14035c28b56056a8149acc79a4325e252fcaef929c492211f1a8817f6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dbbb4ed8760b42e029378dd70d8568cfa1b2ea7843fc2a207ab38807a893700
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8941A736215BA18AD7209F36E808779B7A1F788F99F484231EE8947B58DB3CD045CF20
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$X509_get0_pubkey
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                          • API String ID: 2083351937-2723262194
                                                                                                                                                                                          • Opcode ID: 758f28cdbd2ccb923fb728b149dfb51d1ee814eed399240e30ea96a7bbb1880f
                                                                                                                                                                                          • Instruction ID: 387fab575bfd0f1f803da0a94c8b43b86942864c93d86f5c6c144cbbffcec532
                                                                                                                                                                                          • Opcode Fuzzy Hash: 758f28cdbd2ccb923fb728b149dfb51d1ee814eed399240e30ea96a7bbb1880f
                                                                                                                                                                                          • Instruction Fuzzy Hash: FE418E22B5A98291EF00DB65E5502BDA360FBD8BC8F440231EA4E437AAEF7CD554C714
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_puts$O_printf
                                                                                                                                                                                          • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                          • API String ID: 4098839300-1878088908
                                                                                                                                                                                          • Opcode ID: 6439ea0abf71c53b0b28808bb68b17e8a342f49eafa54fc74df7f6dff14ec5b0
                                                                                                                                                                                          • Instruction ID: 674e2a79b93d79fc8e17181ff53be14bd123b982d9ba95f31011e96cbb46695f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6439ea0abf71c53b0b28808bb68b17e8a342f49eafa54fc74df7f6dff14ec5b0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A3108B5A8AA83B5FA84DB55D5007B8A3A4FF487C0F084170DE2D43699DF2CE460C728
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error$Y_new
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$o
                                                                                                                                                                                          • API String ID: 2632022502-2060984337
                                                                                                                                                                                          • Opcode ID: b4e2002193e5270f6cb0f522eb2a9cea031549ee476cf656a9c34cd95f8dc690
                                                                                                                                                                                          • Instruction ID: 67fa665e7009028a80883f02276c4af797ad9e5f0ca0a2a97302ff932a65cbcb
                                                                                                                                                                                          • Opcode Fuzzy Hash: b4e2002193e5270f6cb0f522eb2a9cea031549ee476cf656a9c34cd95f8dc690
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4821A421B4A54292E750EB65F5013BD63A1EF89BC8F480031EB4C47B96DF2DD9518B18
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$mallocstrncpy$callocfreestrlenstrncat
                                                                                                                                                                                          • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                          • API String ID: 257583877-1389504347
                                                                                                                                                                                          • Opcode ID: 3cf2119ca087e959d75e9174e0a084ff6bf52eb4513cc3ae2bb618c6a4807733
                                                                                                                                                                                          • Instruction ID: 0876c0f3dc9808a89a119c44a7ca7cbed6559b0f29eb58d1b3928b9d71b15559
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf2119ca087e959d75e9174e0a084ff6bf52eb4513cc3ae2bb618c6a4807733
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8241E472B0535356EA28FB229E455A9A751FF4ABC0F944035CF8D03786EE7CE0428B20
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_freeY_free$X_new
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                          • API String ID: 762765117-1853348325
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                          • API String ID: 0-1853348325
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F0AB
                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F0BD
                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F28B
                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F293
                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F29B
                                                                                                                                                                                          • DH_free.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F2A3
                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,00000000,?,..\s\ssl\statem\statem_clnt.c,?,00007FF8A875CFAA), ref: 00007FF8A875F2AB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_free$N_bin2bn$H_freeY_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 2982095754-1507966698
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_errorX509_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                          • API String ID: 785824201-2723262194
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                          • API String ID: 1653872744-2573406579
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrl$R_flagsX_cipher$D_sizeX_block_sizeX_md
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1400698538-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fclose$strlen$clearerrferror$_wfopenfreadfwritestrcpystrtok
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4076046571-0
                                                                                                                                                                                          • Opcode ID: f1f01b69aef68c06e9e70fd55aee25b71294b99b1491da4e0cddfadb5bcedc49
                                                                                                                                                                                          • Instruction ID: 56213ce1badd4a50d868c15fa835d3f23aa5b3bdbe1cdd42431a57e987a6bcf0
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1f01b69aef68c06e9e70fd55aee25b71294b99b1491da4e0cddfadb5bcedc49
                                                                                                                                                                                          • Instruction Fuzzy Hash: F121FA20F0934305FD1576221F9A6BAC1858F5BBD4F880174ED9E0BBC7ED1DA8038E60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1 ref: 00007FF8A8777BBC
                                                                                                                                                                                          • EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 00007FF8A8777BC4
                                                                                                                                                                                          • EC_GROUP_get_curve_name.LIBCRYPTO-1_1 ref: 00007FF8A8777BCC
                                                                                                                                                                                          • EVP_PKEY_get0.LIBCRYPTO-1_1 ref: 00007FF8A8777CC6
                                                                                                                                                                                            • Part of subcall function 00007FF8A8772AD0: EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1(00000000,00000000,?,?,?,00007FF8A8775276), ref: 00007FF8A8772C05
                                                                                                                                                                                            • Part of subcall function 00007FF8A8772AD0: EC_KEY_get0_group.LIBCRYPTO-1_1(00000000,00000000,?,?,?,00007FF8A8775276), ref: 00007FF8A8772C0D
                                                                                                                                                                                            • Part of subcall function 00007FF8A8772AD0: EC_GROUP_get_curve_name.LIBCRYPTO-1_1(00000000,00000000,?,?,?,00007FF8A8775276), ref: 00007FF8A8772C15
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: P_get_curve_nameY_get0_Y_get0_group$Y_get0
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                          • API String ID: 2351481120-1408384096
                                                                                                                                                                                          • Opcode ID: 0301c8233ff7bcaa53abf8c5077df8be11b5744cb58e21b489ab46e1c0175b38
                                                                                                                                                                                          • Instruction ID: 2f9c5a8941c3e6c5dea2f93b6e0ed11e5ff262ab9c35bb8ea8fcc87c0f9a3935
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0301c8233ff7bcaa53abf8c5077df8be11b5744cb58e21b489ab46e1c0175b38
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EB1C262A4B74693EA549E16E0443B937A0FB84BE8F184135DE0D477D4EF78E482C329
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                          • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                          • API String ID: 1485978544-2115465065
                                                                                                                                                                                          • Opcode ID: b9557004f0524d262707bb7fc782d70f623bc1a5677267840b492ac58e1267dd
                                                                                                                                                                                          • Instruction ID: b032f49d5bc5ee957fa7b473e636e5e26d7892df8d629dff05714fa82247f3a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: b9557004f0524d262707bb7fc782d70f623bc1a5677267840b492ac58e1267dd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A812A76A04B468EEB14EF6ACD846AD77E0F749B88B418536EF8C43B58DB38D401CB50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                          • API String ID: 1374691127-27947307
                                                                                                                                                                                          • Opcode ID: 6bbc0ba4ffa293201b058105104d12121239e842ce837a7650c7ed5be71df523
                                                                                                                                                                                          • Instruction ID: b8b4127cb4c10cb15e98d3f06d1e43b71f04742079e9d4b897e64331622b1a25
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6bbc0ba4ffa293201b058105104d12121239e842ce837a7650c7ed5be71df523
                                                                                                                                                                                          • Instruction Fuzzy Hash: A621A431A09B0388FE20FB55AD957B69291EF4A794FC44139DA8D0A7D5DF3CD0068F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                          • API String ID: 1374691127-3831141058
                                                                                                                                                                                          • Opcode ID: 60bce5cfbf4ebbe868c9b92fd4d390395c4c3dbea5f1e897952f1e40fe61ac59
                                                                                                                                                                                          • Instruction ID: 14bc00db5db3a8ed9f6d1eb58bb31dacef08fd75da0851f440d497acf88ad006
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60bce5cfbf4ebbe868c9b92fd4d390395c4c3dbea5f1e897952f1e40fe61ac59
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D21D132A1C70348FB50BB15AE957A6A2A0EB4A3D4FC44239E98D467D5DF3CE106CF20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$b
                                                                                                                                                                                          • API String ID: 1767461275-2522393336
                                                                                                                                                                                          • Opcode ID: fd1d3794e3a92b4deefbb9211fb4da4641c8640cdd1d5248c33bdde61c5bff35
                                                                                                                                                                                          • Instruction ID: 0e9a0d7d29b033fc794dee2990cbdbad091cd0a9b1c5f8e40d29ab73f0fe9722
                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1d3794e3a92b4deefbb9211fb4da4641c8640cdd1d5248c33bdde61c5bff35
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9321C031B4E942A2F761EB61E5407B962D1EB84BC4F440536EE4D07B95EF3CE5028B38
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                          • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                          • API String ID: 4278403329-2782260415
                                                                                                                                                                                          • Opcode ID: a6d664074ed8b2f5cc0d17a13efe81265440fe0574e0d28e99d721a4b950a2f3
                                                                                                                                                                                          • Instruction ID: 7341bf303682eb3406465b0b8553104a7007bdf66763ce922e14933187c6fce7
                                                                                                                                                                                          • Opcode Fuzzy Hash: a6d664074ed8b2f5cc0d17a13efe81265440fe0574e0d28e99d721a4b950a2f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3011AF31A197038AEA11BB55AE845B5A250EF4BB90FD44238D99D473D1EE3CB486CF20
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4245524859-0
                                                                                                                                                                                          • Opcode ID: 5ac87df2d3e065e92e8881cbe1f2a9fb799263a04d341fb3799bb782bc645414
                                                                                                                                                                                          • Instruction ID: 80ab8d9fa857781359af2da79d63c2c102352a2f927e8a02cff48a30006f842d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ac87df2d3e065e92e8881cbe1f2a9fb799263a04d341fb3799bb782bc645414
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E210011F5F76222EE15AA6664517791AD0EFC8BD0F088035EE0D4BB82EF7CE4018768
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$E_dupL_sk_insertL_sk_new_nullL_sk_valueX509_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 267177147-0
                                                                                                                                                                                          • Opcode ID: 5287aba897fe34a1fcca4d1d8d96223fb7cde2f2ee089342e9ab99d91da408e5
                                                                                                                                                                                          • Instruction ID: 73dee76b5d168e97bb743985b56f82c8749b986d094973aa09529d9bc6edf222
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5287aba897fe34a1fcca4d1d8d96223fb7cde2f2ee089342e9ab99d91da408e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4921C521B4F74264FB54EB2655802BA6290EF89FC0F185030EE4D47B86DF2CE051C728
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                          • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                          • API String ID: 1374691127-2292745976
                                                                                                                                                                                          • Opcode ID: bc1d4403f4c97f719fd50f6d844f70a26d2507ac53186a9bf0b4d7077fd3ac10
                                                                                                                                                                                          • Instruction ID: 4e59dc52a2bc05508fb8595c1e76641b5f965b04ca622e0c85b2d8f75ce8eabd
                                                                                                                                                                                          • Opcode Fuzzy Hash: bc1d4403f4c97f719fd50f6d844f70a26d2507ac53186a9bf0b4d7077fd3ac10
                                                                                                                                                                                          • Instruction Fuzzy Hash: C811A121A09B4348EE20BB65AE55A759651EF4F7D4FC84239C98C066D1EE3CE0068F20
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: i2d_$L_sk_numX509_$L_sk_value
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                          • API String ID: 917959868-592572767
                                                                                                                                                                                          • Opcode ID: c3c255ee72e8dc28f7e0f5ad3abcd32766784a0d2bd7d65d3694f9c9ae34d130
                                                                                                                                                                                          • Instruction ID: 4f2827c31aa7b35d55f3150be224cd163c9462f280d42edd1779803f03324618
                                                                                                                                                                                          • Opcode Fuzzy Hash: c3c255ee72e8dc28f7e0f5ad3abcd32766784a0d2bd7d65d3694f9c9ae34d130
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5051B261B8F64261FB20AAA294003BE6395EFC5BC4F144031DD4D8BB95DF3DE9429739
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Y_free$H_get0_keyN_bn2binN_num_bitsY_get0_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 2719771601-1507966698
                                                                                                                                                                                          • Opcode ID: 22c88816910da411fa46c432b8266cba31a2f9c4576e17f505b31b0102581fa8
                                                                                                                                                                                          • Instruction ID: f773823dc6fc64403c1f9f29ed128160abb78ff61838dab33dcb508ee685551a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 22c88816910da411fa46c432b8266cba31a2f9c4576e17f505b31b0102581fa8
                                                                                                                                                                                          • Instruction Fuzzy Hash: DB31B462B8A68195EB649B12F8007B96791EB88BC4F085131EA8D4BF95DF3CE501C728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_sizeDigestFinal_exX_copy_exX_freeX_mdX_new
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 2082763299-1080266419
                                                                                                                                                                                          • Opcode ID: ad77977b52e3e84a55675214eeb901b9bd41a6527611301d6633d76eb7e555a8
                                                                                                                                                                                          • Instruction ID: 20d8c16dc2f6a33c99875c186756f0c2aaf7100bfa74227414d17a2d760db5f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad77977b52e3e84a55675214eeb901b9bd41a6527611301d6633d76eb7e555a8
                                                                                                                                                                                          • Instruction Fuzzy Hash: C421C222B4F79261EB50EA12B80066A6A90EF44BD4F088431EE4D4BBA5DF7CD041C729
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_popL_sk_push$L_sk_new_nullR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 531138727-1080266419
                                                                                                                                                                                          • Opcode ID: 47f8a990c43ce1483deb2d7ee7dff604a62f152148f98c5c6c9943a4bd3ef91d
                                                                                                                                                                                          • Instruction ID: 9705bf3fff6a0a47e953c413c2ee66899324114ebf2efa28bcedf7f18602b580
                                                                                                                                                                                          • Opcode Fuzzy Hash: 47f8a990c43ce1483deb2d7ee7dff604a62f152148f98c5c6c9943a4bd3ef91d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A214221A4B64361EB16DB1594012796395EF88BC4F049535FF8C47BA5DF3CE411CB29
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                          • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                          • API String ID: 384173800-1835852900
                                                                                                                                                                                          • Opcode ID: 206c5e6c475d56e5082d1760a3a3e55525d2eb39a59ca763ef62e6f150766718
                                                                                                                                                                                          • Instruction ID: 0b28c67d28405308f8584e0047c8e0d7c314c88522a785476357e24d9a690222
                                                                                                                                                                                          • Opcode Fuzzy Hash: 206c5e6c475d56e5082d1760a3a3e55525d2eb39a59ca763ef62e6f150766718
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3401D360A49F5791EA21BB15EF54074A764FB5A794FC84035C98D03264EE2CE607CF24
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbynameR_block_sizeR_flagsR_iv_length
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4211416117-0
                                                                                                                                                                                          • Opcode ID: 820bd310bc987b47bbd29bdb3456714c5387236caa37f4ffd66f9bd617770e5e
                                                                                                                                                                                          • Instruction ID: 0bebb1c533ebb2fde0159303209a075a76bc9082d16c76bf883d565ddac330df
                                                                                                                                                                                          • Opcode Fuzzy Hash: 820bd310bc987b47bbd29bdb3456714c5387236caa37f4ffd66f9bd617770e5e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5041C323E4B652A6FB64AB15945427862D8EF48BD0F940531EE4D437E3EF7CE8428378
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3836630899-0
                                                                                                                                                                                          • Opcode ID: 3871330ddc1fb52b9fbedb46d79d72dc9a7f28f2e9602a1e25385491669f7eed
                                                                                                                                                                                          • Instruction ID: 302b696d2be83b8b827edbcf9ffcc3907244f27ea7cb3b4f35569d2a912b0b9d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3871330ddc1fb52b9fbedb46d79d72dc9a7f28f2e9602a1e25385491669f7eed
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6831B322F4E60262E769EB26A54127D6291EF40BD8F104431DD0D47F9ADF3CE842C368
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                          • API String ID: 1294909896-1126984729
                                                                                                                                                                                          • Opcode ID: 39e03421cf756a880dd5901fcc54e14ca1b3907a6e85fa14d331b893e1ef5aef
                                                                                                                                                                                          • Instruction ID: 198c443777c12a94aa4e8700bb934ad2753653f305be596c511a6bd54dafdc6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 39e03421cf756a880dd5901fcc54e14ca1b3907a6e85fa14d331b893e1ef5aef
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA71F736608B4786EB10AF65ED58369A360FB4AF85F944136DE8E47364DF3CD10ACB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FF8A873ED14
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FF8A873ED2B
                                                                                                                                                                                          • CT_POLICY_EVAL_CTX_new.LIBCRYPTO-1_1 ref: 00007FF8A873ED4F
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FF8A873ED7C
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: SCT_LIST_free.LIBCRYPTO-1_1 ref: 00007FF8A8737C53
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: d2i_OCSP_RESPONSE.LIBCRYPTO-1_1 ref: 00007FF8A8737CA8
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_response_get1_basic.LIBCRYPTO-1_1 ref: 00007FF8A8737CB8
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FF8A8737CCA
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_resp_get0.LIBCRYPTO-1_1 ref: 00007FF8A8737CD8
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_SINGLERESP_get1_ext_d2i.LIBCRYPTO-1_1 ref: 00007FF8A8737CF0
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FF8A8737D18
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: SCT_LIST_free.LIBCRYPTO-1_1 ref: 00007FF8A8737D24
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_BASICRESP_free.LIBCRYPTO-1_1 ref: 00007FF8A8737D2C
                                                                                                                                                                                            • Part of subcall function 00007FF8A87124D2: OCSP_RESPONSE_free.LIBCRYPTO-1_1 ref: 00007FF8A8737D34
                                                                                                                                                                                          • CT_POLICY_EVAL_CTX_free.LIBCRYPTO-1_1 ref: 00007FF8A873EE4B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_numP_resp_countT_free$E_freeL_sk_valueP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicX_freeX_newd2i_
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 382793502-1080266419
                                                                                                                                                                                          • Opcode ID: 9f104f3394336e248a06bdfad8182fbc7d949da42687ce6875a499c25a1223f6
                                                                                                                                                                                          • Instruction ID: 41a9228300356e5ed278ee6b6af3966117af023be7282d655bc2918db1b720eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f104f3394336e248a06bdfad8182fbc7d949da42687ce6875a499c25a1223f6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C41C522B8F64266FA64AB1194503BD6750EF85FC4F888035DE4D4BB95CF3CE4428729
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_cleanse
                                                                                                                                                                                          • String ID: $ $0$extended master secret$master secret
                                                                                                                                                                                          • API String ID: 1040887069-741269486
                                                                                                                                                                                          • Opcode ID: 393769c40ecb4b6c435d37cba0897ed25c4dd0886ec3de41fe728c38848c6237
                                                                                                                                                                                          • Instruction ID: f62db36a614c98411c7a2a8ea3b7d495155f4b04e4a4c699d4408bc7e74ecaa5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 393769c40ecb4b6c435d37cba0897ed25c4dd0886ec3de41fe728c38848c6237
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2341477265AB81A1E760CB11F8403AAB7E4FB887C4F148134EACC46BA9DF7CD055CB14
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: J_sn2nid
                                                                                                                                                                                          • String ID: DSA$ECDSA$PSS$RSA$RSA-PSS
                                                                                                                                                                                          • API String ID: 1172147710-2025297953
                                                                                                                                                                                          • Opcode ID: 7097399078b95809bb58880c5345e94904c58ddadf4c586de5a7e66d43202429
                                                                                                                                                                                          • Instruction ID: 72be13da67c524cb48e9a49403e339627f27ac278976a54eef22cd9b456309bd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7097399078b95809bb58880c5345e94904c58ddadf4c586de5a7e66d43202429
                                                                                                                                                                                          • Instruction Fuzzy Hash: 64316962E5E58195EB968F15F04077C3BA0EB46BC0F484031D7AF06A8ADF6CD991CB28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                          • String ID: _MEIPASS2
                                                                                                                                                                                          • API String ID: 3789554339-3944641314
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                          • API String ID: 2618924202-2723262194
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                          • API String ID: 732311666-349359282
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_put_errorX509_free
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1042751175-1080266419
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen
                                                                                                                                                                                          • String ID: %U?%llu$Failed to append to sys.path$Installing PYZ: Could not get sys.path$path$strict$utf-8
                                                                                                                                                                                          • API String ID: 39653677-2762566162
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_numL_sk_value$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 420811412-0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$ByteCharMultiWidefreememsetstrcpystrtok
                                                                                                                                                                                          • String ID: WARNING: file already exists but should not: %s
                                                                                                                                                                                          • API String ID: 901113649-146164175
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$L_sk_freeL_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1173513325-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: wcscatwcscmp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3846154227-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2268491255-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 0-1507966698
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: E_load_ssl_client_cert
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 2904557448-1507966698
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fwprintf$fputwc
                                                                                                                                                                                          • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                          • API String ID: 2988249585-4054516066
                                                                                                                                                                                          • Opcode ID: 236d62e54308b3a28ebbaa7cc6c460c39dadfba115f11693d126707a53da73b9
                                                                                                                                                                                          • Instruction ID: 94d18bcd5cb4ca7a0d0b0fbf661959d4c9b92ced87a8bdb8775c8ceb6c0c07cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 236d62e54308b3a28ebbaa7cc6c460c39dadfba115f11693d126707a53da73b9
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5710C76A04B4ACFD720EF2AC9855ADB7E0F749B98B418526EE8C87758DB38D401CF50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: CCG
                                                                                                                                                                                          • API String ID: 0-1584390748
                                                                                                                                                                                          • Opcode ID: 7ff9c4a6875b0bc59686fc59d813df51d4b7448f307ce77c8d0066e43a6c50d8
                                                                                                                                                                                          • Instruction ID: b165383f0a95788505483b20d95741deac5517b2cecb9d7d7916aac28f70bd6d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ff9c4a6875b0bc59686fc59d813df51d4b7448f307ce77c8d0066e43a6c50d8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82416871A087038AFF10AB59CE4437C6260EB4E754F544A39DA6D477E5DE3CD5428F21
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueX509_i2d_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                          • API String ID: 3754435392-2839845709
                                                                                                                                                                                          • Opcode ID: 65d8deee70154f053cc6f33636507a4df70b03b3805c42fba857438a21c57b60
                                                                                                                                                                                          • Instruction ID: df4b39347344664e4aa77267ab33a60e3324a0249df9c84133bda941af6e5a37
                                                                                                                                                                                          • Opcode Fuzzy Hash: 65d8deee70154f053cc6f33636507a4df70b03b3805c42fba857438a21c57b60
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4431C821B5F74265FB61DB22A4102BAA794EF85BD0F040530ED8C47B96EF7CE9418738
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                          • Opcode ID: 664da3bb5ebbb6a6094b7c89baa944a8a636ad8bd96706cea84dd4dfea61b1f4
                                                                                                                                                                                          • Instruction ID: c4020668bc30d13036e14a841bbce3cd8553ebab97c2d9ebcffee65c9f7cade7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 664da3bb5ebbb6a6094b7c89baa944a8a636ad8bd96706cea84dd4dfea61b1f4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7931BD32A4AB8296E320AF14E4043A97760FB84BC4F548135EB9D47BE5CF7DE441CB28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                          • Opcode ID: feaf4211dbf536bc8def34518951488ea76392c6826d00b827b690999808d9c2
                                                                                                                                                                                          • Instruction ID: a6e0dc7752dadef1fa93735df3b32ead04a2bf9674c59b8e8cedfde05bf50370
                                                                                                                                                                                          • Opcode Fuzzy Hash: feaf4211dbf536bc8def34518951488ea76392c6826d00b827b690999808d9c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4131C632A4AA81A2F7608B24E4407BE23A0FB45BD8F548234DB5C4B7E5DF3DD545DB18
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strlen$malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3157260142-0
                                                                                                                                                                                          • Opcode ID: 4955066d3cce33736512b31498edfa5dc3b972d623160f6d5b49132c35bd312c
                                                                                                                                                                                          • Instruction ID: 487a495813513ecc2dabaeae2f97988629ff900a92b1d58f62fdbcb1dad53306
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4955066d3cce33736512b31498edfa5dc3b972d623160f6d5b49132c35bd312c
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4114F11B0A35354FD5ABA531F56A7AC5859F4FFD4D888478ED8D0A782FD2CA4438E20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_ucmp$N_is_zeroN_num_bits
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          • API String ID: 1527310491-1778748169
                                                                                                                                                                                          • Opcode ID: 65f4d77ecd700fa8f3cab1ee0ba0c6f33d99929f34c276842e1a8ee588a81d12
                                                                                                                                                                                          • Instruction ID: 54d24a087d2a3e9b84f64f287e3d8599a7baa038b9bc0ca13af38a701ccc5e39
                                                                                                                                                                                          • Opcode Fuzzy Hash: 65f4d77ecd700fa8f3cab1ee0ba0c6f33d99929f34c276842e1a8ee588a81d12
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00214F61B4F68291FB519A21D8403B923A0EBC8BC8F584431DE0C8BB95DF3DE541CB68
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_errorX509_up_ref
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                          • API String ID: 1254856836-349359282
                                                                                                                                                                                          • Opcode ID: a157bb09e600f02e2f9732b1e0c9f260522da547fdbe89928c6bbe9f46d3c201
                                                                                                                                                                                          • Instruction ID: 3f471b55a6fa1d7c7fefdf5fa4f5074bce3b99f089c420c29cdd8aebf4fbcb21
                                                                                                                                                                                          • Opcode Fuzzy Hash: a157bb09e600f02e2f9732b1e0c9f260522da547fdbe89928c6bbe9f46d3c201
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA118C21B4B64291FF96DB25A4503B952E0EF48BC4F480135DF1C47B95EF3CE8408628
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newX_free
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                          • API String ID: 3686289451-1839494539
                                                                                                                                                                                          • Opcode ID: bdc71f935df0f2d3ea3887a0f30e4cf6aa9ea9af759c96416e0cd263afb7ac85
                                                                                                                                                                                          • Instruction ID: 2c2be0abdf9be9e303f24c405cc7fc8c54ab56cb20c3b8ee14a0fe8055514b05
                                                                                                                                                                                          • Opcode Fuzzy Hash: bdc71f935df0f2d3ea3887a0f30e4cf6aa9ea9af759c96416e0cd263afb7ac85
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29115632B1A781A5EB81DB21E4503EC33A0FB88BC8F488531DE8D0BB65DF39D5848714
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_numL_sk_valueR_put_errorT_get_validation_status
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 2393801384-1080266419
                                                                                                                                                                                          • Opcode ID: ad87b41ed8e5b4d91ebea544e417ce0fa30628a79d22aa4c8b7654e1c8d39680
                                                                                                                                                                                          • Instruction ID: 9295bb620f082e3b7a0ff265d9a7400b4efe994cd6a5fae87a46286ec9a626b0
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad87b41ed8e5b4d91ebea544e417ce0fa30628a79d22aa4c8b7654e1c8d39680
                                                                                                                                                                                          • Instruction Fuzzy Hash: FE014C35F4E65252F7148759E4412BA5261EFC5BC4F248030EB6C477DACF3ED8418728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_freeO_ctrlO_freeO_newO_s_file
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1469330667-0
                                                                                                                                                                                          • Opcode ID: 0042054431d6c60f6d3db2821f9201866da266e62d5e21131d509b05ca79e676
                                                                                                                                                                                          • Instruction ID: 4d4edc66a4e53143d658207adb3c7cdc128774053bc738718f0f9fd3c2a31952
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0042054431d6c60f6d3db2821f9201866da266e62d5e21131d509b05ca79e676
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F210322B4B64156FA95DA57A81177963E0EF84FC0F049131FE9D47B42EF38E812C768
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al, xrefs: 00007FF7279C8322
                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682, xrefs: 00007FF7279C8321
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$ByteCharMultiWidecalloc
                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\al$C:\Users\user\AppData\Local\Temp\_MEI65682\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI65682\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI65682
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrlmemcpy
                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: GOST01$IDEA(128)$SHA256
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: GOST12$IDEA(128)$SHA256
                                                                                                                                                                                          • API String ID: 3142812517-3478822438
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: IDEA(128)$SHA256$any
                                                                                                                                                                                          • API String ID: 3142812517-1956614738
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: DSS$IDEA(128)$SHA256
                                                                                                                                                                                          • API String ID: 3142812517-3841199953
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: ECDSA$IDEA(128)$SHA256
                                                                                                                                                                                          • API String ID: 3142812517-1715931570
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: IDEA(128)$PSK$SHA256
                                                                                                                                                                                          • API String ID: 3142812517-1637006702
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: IDEA(128)$SHA256$SRP
                                                                                                                                                                                          • API String ID: 3142812517-1647395391
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7279C8220: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF7279C2E40), ref: 00007FF7279C8256
                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7279C2C93
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00007FF7279C2CBB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                          • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                          • API String ID: 1878133881-785100509
                                                                                                                                                                                          • Opcode ID: ceee78ea7e6e2a8cc87b84f58916f9e69fc36966f5cd7132d74df1afc3b1fc05
                                                                                                                                                                                          • Instruction ID: cb26c4268cd63428abfe224a19cc3469820a8b4f460f7b00fbfc3f1792b9692a
                                                                                                                                                                                          • Opcode Fuzzy Hash: ceee78ea7e6e2a8cc87b84f58916f9e69fc36966f5cd7132d74df1afc3b1fc05
                                                                                                                                                                                          • Instruction Fuzzy Hash: E101D23271878241EB306B22BE057AAD280E74AFD4F8880389E8D17B89CD3CD1868F10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_errorY_get0_group
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 3547453883-4238427508
                                                                                                                                                                                          • Opcode ID: 0e9dc11834c929a4a92aae2d86bb0b668fb8ca4cf33f942f419e2ecdf05cf504
                                                                                                                                                                                          • Instruction ID: 8e441dfcf73a6b5546df801d5e5f0a249e8ef980e44533c865a84053fbd37479
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e9dc11834c929a4a92aae2d86bb0b668fb8ca4cf33f942f419e2ecdf05cf504
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F01DE21A0A54291EB50DB24F5402A963A0FB947C8F80043ADA8C07A99EF3CD584CB18
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                          • API String ID: 1532159127-1977442011
                                                                                                                                                                                          • Opcode ID: 596f9c6f4da9235583f883e7b0b9fd0a4c4344a57c1601f04a7c7c20de7fb95a
                                                                                                                                                                                          • Instruction ID: 4ace1c07ad32276954a217c892359bff30ecbf515bd9275ab64aa78441e3e7d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 596f9c6f4da9235583f883e7b0b9fd0a4c4344a57c1601f04a7c7c20de7fb95a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF06961B1874381FE517620AE093B98290EB4FBC0F8440399C8E8A295DD1CE9478F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                          • API String ID: 1176158178-4238427508
                                                                                                                                                                                          • Opcode ID: 477397e50a60c0d540ab04b71180e531b4601ec8d818973e2cc62173b46b5d9a
                                                                                                                                                                                          • Instruction ID: 8c8520ffc21d630016237737385450505a0d77228857b9ca9272f7d5e03d3d2e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 477397e50a60c0d540ab04b71180e531b4601ec8d818973e2cc62173b46b5d9a
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF0A921B4E64392EF619B21E1407B923E0FB14BC8F04013AEB0C06BA5FF3CE5909728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: C_curve_nist2nidJ_ln2nidJ_sn2nidmemcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 722349470-0
                                                                                                                                                                                          • Opcode ID: 3589df518e814f2c1b6cee752c96d34c30101d664b7d3ebca52f7da53a35e291
                                                                                                                                                                                          • Instruction ID: 81e2e2a2352e7eef3c888cbb29c52e2bfe0eabfb90f9b10d7f9b10c391f6fddd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3589df518e814f2c1b6cee752c96d34c30101d664b7d3ebca52f7da53a35e291
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B213B22B4FA4261FB649B74D45037D62D1FF89BC4FD04031E65E9269AEF2CD981C329
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$ByteCharMultiWide
                                                                                                                                                                                          • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                          • API String ID: 3219091393-982972847
                                                                                                                                                                                          • Opcode ID: 328865e96d07de4edd26e3f480e02fb7eda1bc0481d9d5d3302e6b675bfb983c
                                                                                                                                                                                          • Instruction ID: da2fe1c61767701c5ccd07b9e40a8de08aac0ad59852218c9ebc5e748e567aa0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 328865e96d07de4edd26e3f480e02fb7eda1bc0481d9d5d3302e6b675bfb983c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 77015E11B1975305FD2976A61E2AABAD0418F4FFD0DC85478AD8E4BB82EC2CE4034E60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_find_typeO_get_data
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 280995463-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_free$DigestInit_exX_new
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4262507187-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLastO_write
                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                          • API String ID: 186964608-2209325370
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                          • API String ID: 3946675294-1507966698
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                          • API String ID: 3946675294-348624464
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                          • String ID: IDEA(128)$SHA256
                                                                                                                                                                                          • API String ID: 3142812517-2727354722
                                                                                                                                                                                          • Opcode ID: f6cd50909d54a1819278025c5f07f2fde3c3f2b31f99c079fe934eabe613a531
                                                                                                                                                                                          • Instruction ID: 0dc799ce6fc90aa6c643523817b1b988da39280bde9018869eb77e07360f17bd
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6cd50909d54a1819278025c5f07f2fde3c3f2b31f99c079fe934eabe613a531
                                                                                                                                                                                          • Instruction Fuzzy Hash: 11117223CCEB42A1E3759728A48817962E0EBE13D4F450172CD4D13AA4AF3DEA80936C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\d1_msg.c
                                                                                                                                                                                          • API String ID: 1767461275-424620239
                                                                                                                                                                                          • Opcode ID: 855a8ae2a66f2e3ea63fc2224fb77fd476cb01764c04cea8d42874fa9542f34e
                                                                                                                                                                                          • Instruction ID: 22d28c7e267fdd414b489e2323a2c92fb0629c3ed971b7568a58afc5f466084e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 855a8ae2a66f2e3ea63fc2224fb77fd476cb01764c04cea8d42874fa9542f34e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D117221A4D64666E2209B16E8002A96764FF85BD0F544235EE9D07FE9CF7CE9508728
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-3474627141
                                                                                                                                                                                          • Opcode ID: 3373ce9a88896e149ead81a146e17feaf05e9c69e4ebc8bac4caa7ee2df81a9f
                                                                                                                                                                                          • Instruction ID: 754cbca8959f8c4367632e32fa746320952d9501defa9f515c7e47006491fd45
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3373ce9a88896e149ead81a146e17feaf05e9c69e4ebc8bac4caa7ee2df81a9f
                                                                                                                                                                                          • Instruction Fuzzy Hash: F1214926A04F858AE7119F68D8853E9B371FF5A798F844622EE8C17724EF38D256C700
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_copy_ex
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$f
                                                                                                                                                                                          • API String ID: 774438373-288918473
                                                                                                                                                                                          • Opcode ID: 43b72dd576c0a49c90067c4b7101db9f7e25063f7758619820a5f2d00fa1be7a
                                                                                                                                                                                          • Instruction ID: b742ed8a42ef674368ae7b4bae649d2ad06046fdd9d8c5c0db11710b74ee6257
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43b72dd576c0a49c90067c4b7101db9f7e25063f7758619820a5f2d00fa1be7a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E012871B0B502A6F7618B21E8043AE7390EF44BD0F540230DE4C4BBA1EF2DD6D19B28
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                          • Opcode ID: 42e72fae4823f246006c6a1f5c8ab95baa661923ab3051eb830a147018046908
                                                                                                                                                                                          • Instruction ID: 38265790387010884aca0b0605be2e8f262c4543400ce5346ad4b0770a3d7738
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42e72fae4823f246006c6a1f5c8ab95baa661923ab3051eb830a147018046908
                                                                                                                                                                                          • Instruction Fuzzy Hash: E701DFB2F4A68296F7509B54C8043E926A0FB40B88F408138D78C4B7E1CFBCD986CB25
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: A_freeR_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                          • API String ID: 2676655247-2723262194
                                                                                                                                                                                          • Opcode ID: 72c29b5fd5a66d891dc46ea6151b9d53bd226e6150693e1e1df9dfc19f636d4c
                                                                                                                                                                                          • Instruction ID: cec196ebe07e34444e3f54902bd56b50e710d181e1944737cfcdf614ad837b16
                                                                                                                                                                                          • Opcode Fuzzy Hash: 72c29b5fd5a66d891dc46ea6151b9d53bd226e6150693e1e1df9dfc19f636d4c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 66F0F921B4A64191EB50DB65F5402BDA3A0EF887C0F544032EB4C4BB96DF3CD540C614
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2141583349.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141667843.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141695476.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141726636.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279E6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141855281.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2141883377.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message_errno
                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                          • API String ID: 1796756983-2410924014
                                                                                                                                                                                          • Opcode ID: ea340565870959be23fb6e9e11d4bee739c2d59d1fadefcf5973dfefa03d1205
                                                                                                                                                                                          • Instruction ID: 82a2112a568cfb11b392eddf8497ff25e966bf6160c73cf63c355d0f117efed8
                                                                                                                                                                                          • Opcode Fuzzy Hash: ea340565870959be23fb6e9e11d4bee739c2d59d1fadefcf5973dfefa03d1205
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2101712261C78281E620BB21B9407DAA254FB8ABC0F904135DACC13759CE3CD657CF50
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4064033741
                                                                                                                                                                                          • Opcode ID: d91acc19fd03cae2b415eab986baa786b13cfab678dc1a4e10472f462256fc53
                                                                                                                                                                                          • Instruction ID: 3b9b4797f6dbb7ffe17619dcba9855e5368c3d1f46e4207421551f63ba445db6
                                                                                                                                                                                          • Opcode Fuzzy Hash: d91acc19fd03cae2b415eab986baa786b13cfab678dc1a4e10472f462256fc53
                                                                                                                                                                                          • Instruction Fuzzy Hash: CC01BC26A04F858AD7019F29D8802AAB731FF4EB98F444726EF8C27764DF28C145C710
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2468659920
                                                                                                                                                                                          • Opcode ID: 10e377c91d17d0f301de9a9a2052d4d6639adc73ea77f0512dffc20f85460768
                                                                                                                                                                                          • Instruction ID: f7b6d55b1dad84753a111369b0b70cac4351eb48c04d7eb69ef4a9f8aca119bb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10e377c91d17d0f301de9a9a2052d4d6639adc73ea77f0512dffc20f85460768
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2401BC26A04F858AD7019F29D8802AAB731FF4EB98F404726EF8C2B724DF28C185C710
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4283191376
                                                                                                                                                                                          • Opcode ID: e85bea1eea17f4553f1f0c5d6837dd78bee39da8c65153de1d0d7a03e787e670
                                                                                                                                                                                          • Instruction ID: 7d6eaebb2fff4eaed215b2693a87598362f9e1c5d175d8843c178676d3f32619
                                                                                                                                                                                          • Opcode Fuzzy Hash: e85bea1eea17f4553f1f0c5d6837dd78bee39da8c65153de1d0d7a03e787e670
                                                                                                                                                                                          • Instruction Fuzzy Hash: D001BC26A04F858AD7019F29D8802AAB731FF4EB98F444726EF8C27724DF28C145C710
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2713391170
                                                                                                                                                                                          • Opcode ID: 7127cb6aed573bc495a2f3aa8bb5466b247e9f50d0bb95b30cf0f717163b5fac
                                                                                                                                                                                          • Instruction ID: b6ee8e13d848dacea49a810ee685310b68891023ef82794b3130862bd39a08bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7127cb6aed573bc495a2f3aa8bb5466b247e9f50d0bb95b30cf0f717163b5fac
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6301BC26A04F858AD7019F69D8802AAB731FF4EB98F444726EF8C27724DF28C145C710
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-4273532761
                                                                                                                                                                                          • Opcode ID: edb54fd18a9bad84d2105e5c7771574841c1449487ce9f4b3f567f10ecc1846a
                                                                                                                                                                                          • Instruction ID: 034694336f5812f2db6a19e71f59366f021f31a3c248ac13bfefeb04e51b295f
                                                                                                                                                                                          • Opcode Fuzzy Hash: edb54fd18a9bad84d2105e5c7771574841c1449487ce9f4b3f567f10ecc1846a
                                                                                                                                                                                          • Instruction Fuzzy Hash: C401B126904F858AD7119F29D8402AA7731FF4E798F408726EF8C27764DF28C145C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                          • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                          • API String ID: 383729395-2187435201
                                                                                                                                                                                          • Opcode ID: c88fb609a798eda18f1f330f5825844799e0cad915efae99aee9ed2068d340bb
                                                                                                                                                                                          • Instruction ID: da1379778ab4f0fe1dbacd0c5cbd1664dcfc406e71c3e69902adec19fd2935db
                                                                                                                                                                                          • Opcode Fuzzy Hash: c88fb609a798eda18f1f330f5825844799e0cad915efae99aee9ed2068d340bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C01BC26A04F898AD7019F69D8812AAB771FF4EB98F444726EF8C27724DF28C146C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2143642587.00007FF8A8710000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143720722.00007FF8A8781000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2143987873.00007FF8A8783000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144044406.00007FF8A87A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87AB000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2144067282.00007FF8A87B8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Y_get0_group
                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                          • API String ID: 3268241200-4087598719
                                                                                                                                                                                          • Opcode ID: 1baf22aea847f424de8ca57e84cb34f188ebb91a18b5e641cc457d59bc7fc816
                                                                                                                                                                                          • Instruction ID: d8f5143b810db7e96dc6f417a86dafcc5bae57675cf999ca002c6bb0b6770105
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1baf22aea847f424de8ca57e84cb34f188ebb91a18b5e641cc457d59bc7fc816
                                                                                                                                                                                          • Instruction Fuzzy Hash: 71F0A431A5E552A5FBA1DE11E0002BD6790EF847D4F400132DE4D47695FF3CE546CB28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                          • String ID: )
                                                                                                                                                                                          • API String ID: 3946675294-2427484129
                                                                                                                                                                                          • Opcode ID: 65fec3cecdfe988b1043912a1c46b612975988de8ce40039839f9cddff237cd8
                                                                                                                                                                                          • Instruction ID: cd823ac935568d405d886ad834aa3dbc8eb292df129d015623a20fb57da119ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 65fec3cecdfe988b1043912a1c46b612975988de8ce40039839f9cddff237cd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: CEF09662B4924296FB45DF25E04537D6391EB85BC8F184134CE4C0B78ADF3DD4958714
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_errormemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                          • API String ID: 1385177007-1080266419
                                                                                                                                                                                          • Opcode ID: 10cb0884061ef3f206dd78203e440ca8d92b14d13812e3b5a076d9c7ae8bf948
                                                                                                                                                                                          • Instruction ID: 314387eb5726986793a6127f18544336c90a7bb49fbce15f7135ec33b8579753
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10cb0884061ef3f206dd78203e440ca8d92b14d13812e3b5a076d9c7ae8bf948
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E09266F5A49656E760E764D4067AC33A0FB40784FC04034E34C06AA1DF6EA657CF28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2143720722.00007FF8A8711000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8710000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8710000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$m
                                                                                                                                                                                          • API String ID: 1767461275-297842231
                                                                                                                                                                                          • Opcode ID: 015f7276b4616ebe684561128c72bfed2733b800ce5d44119271066c22264b62
                                                                                                                                                                                          • Instruction ID: b3f76921460479d30fc7cb11c59ecdf9e6d79910db342dc76c4fd23fd6d66659
                                                                                                                                                                                          • Opcode Fuzzy Hash: 015f7276b4616ebe684561128c72bfed2733b800ce5d44119271066c22264b62
                                                                                                                                                                                          • Instruction Fuzzy Hash: AED0C736B08801A6E321EB01F4002EA6360F7883A0F800833EB0C026A5DB3CE586DA28
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2141607210.00007FF7279C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7279C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2141583349.00007FF7279C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141667843.00007FF7279D9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141695476.00007FF7279DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141726636.00007FF7279E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279E6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141769082.00007FF7279F5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141855281.00007FF7279F6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2141883377.00007FF7279F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7279c0000_zapret.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 931b98c61a4e4e494cac6114eece4431e2b6b4bf8da8f1e9b5d944c4466bc56d
                                                                                                                                                                                          • Instruction ID: d24539ba9a5ec9ae95b34b6c8af9a49bc9811ddd05794c666c60e6a1a6cf66f1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 931b98c61a4e4e494cac6114eece4431e2b6b4bf8da8f1e9b5d944c4466bc56d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FF08221E0A65340FD29F762A9557BCA210DF47F41F8441B4CF8D27643CE2CE4434B21