Windows Analysis Report
KuponcuBaba.exe

Overview

General Information

Sample Name: KuponcuBaba.exe
Analysis ID: 778230
MD5: d6c3bf64cc7cb131d467246ce5a4c455
SHA1: 2ea0b0bda586aeaef818445f48eae6edca8b9901
SHA256: d91890315262e8a77c565b54baa5f82cbd32451bbe4293bcd8b1918a3d2e0aa1
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Hides threads from debuggers
Contains functionality to infect the boot sector
Modifies the context of a thread in another process (thread injection)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
PE file contains more sections than normal
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • KuponcuBaba.exe (PID: 2820 cmdline: C:\Users\user\Desktop\KuponcuBaba.exe MD5: D6C3BF64CC7CB131D467246CE5A4C455)
    • conhost.exe (PID: 64 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • KuponcuBaba.exe (PID: 5192 cmdline: C:\Users\user\Desktop\KuponcuBaba.exe MD5: D6C3BF64CC7CB131D467246CE5A4C455)
      • cmd.exe (PID: 2772 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • cmd.exe (PID: 5416 cmdline: C:\Windows\system32\cmd.exe /c @echo off MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • cmd.exe (PID: 5540 cmdline: C:\Windows\system32\cmd.exe /c cls MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 7_2_70A380F0 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,7_2_70A380F0
Source: KuponcuBaba.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\python3.pdb source: KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556432245.0000027F02150000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: KuponcuBaba.exe, 00000007.00000002.573058618.00007FFA0ACAD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: _openssl.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.569699537.00007FFA069F8000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: KuponcuBaba.exe, 00000007.00000002.569805697.00007FFA06A20000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32clipboard.pdb source: KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573522589.00007FFA18E34000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: _openssl.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573757806.00007FFA18EA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.5built on: Tue Jul 5 11:53:43 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: _openssl.pyd.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb** source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: KuponcuBaba.exe, 00000001.00000003.287563558.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572480939.00007FFA094C1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.567289329.00007FFA065DB000.00000002.00000001.01000000.00000012.sdmp, unicodedata.pyd.1.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.569402590.00007FFA06970000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573650405.00007FFA18E92000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.574016045.00007FFA1B4D6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573851934.00007FFA18ED3000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573363921.00007FFA13D0D000.00000002.00000001.01000000.00000013.sdmp
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8456940 FindFirstFileExW,FindClose,1_2_00007FF6F8456940
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8470D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6F8470D64
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F84665F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF6F84665F8
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 4x nop then push rbp 7_2_70A2BD40
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:%s/status
Source: KuponcuBaba.exe, 00000007.00000002.564631005.0000027F05078000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:4444
Source: KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:4444/wd/hub
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://198.0.0.1:4444/wd/hub
Source: KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://bitbucket.org/techtonik/python-pager
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bitbucket.org/techtonik/python-wget/
Source: KuponcuBaba.exe, 00000007.00000002.564631005.0000027F05078000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://chromedriver.storage.googleapis.com/index.html
http://crl3.digicert.com/sha2-assured-ts.crl02
Source: KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digiz
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290365312.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: 
http://crl4.digicert.com/sha2-assured-ts.crl0
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://greenbytes.de/tech/tc2231/
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esPE
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290365312.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.drString found in binary or memory: http://ocsp.digicert.com0N
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pypi.python.org/pypi/wget/
Source: KuponcuBaba.exe, 00000007.00000002.562926496.0000027F04BD2000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/(lK
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/Zl
Source: KuponcuBaba.exe, 00000007.00000002.565894975.0000027F051F4000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sunucu.troyagame.com/
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sunucu.troyagame.com/z
Source: KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: KuponcuBaba.exe, 00000001.00000003.298015876.000001A41CE2E000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.298020453.000001A41CE30000.00000004.00000020.00020000.00000000.sdmp, mutation-listener.js.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
unicodedata.pyd.1.dr, pyexpat.pyd.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563280811.0000027F04C6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: KuponcuBaba.exe, 00000007.00000003.334060970.0000027F044A6000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560131047.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333732076.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333894641.0000027F04507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: _cffi_backend.cp310-win_amd64.pyd.1.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedevtools.github.io/devtools-protocol/
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.chromium.org/home
Source: KuponcuBaba.exe, 00000007.00000002.565551982.0000027F051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/
Source: KuponcuBaba.exe, 00000007.00000002.565293099.0000027F0515C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASE
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASEz
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/z
Source: KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://codecov.io/github/pyca/cryptography/coverage.svg?branch=main
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://codecov.io/github/pyca/cryptography?branch=main
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io
Source: METADATA.1.drString found in binary or memory: https://cryptography.io/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: unknown
DNS traffic detected: queries for: sunucu.troyagame.com
Source: global traffic
HTTP traffic detected:
GET / HTTP/1.1
Host: sunucu.troyagame.com
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A04230 appears 238 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A2D400 appears 325 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A96CA0 appears 192 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A96730 appears 31 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 00007FF6F8451C50 appears 53 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 7_2_70A22B90: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy
Source: unicodedata.pyd.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.1.dr Static PE information: No import functions for PE file found
Source: _pytransform.dll.1.drStatic PE information: Number of sections : 11 > 10
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile read: C:\Users\user\Desktop\KuponcuBaba.exe
Source: KuponcuBaba.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\KuponcuBaba.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c @echo off
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202
Source: classification engineClassification label: mal52.evad.winEXE@10/40@2/1
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F84565D0 GetLastError,FormatMessageW,WideCharToMultiByte,1_2_00007FF6F84565D0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:64:120:WilError_01
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile opened: C:\Users\user\Desktop\pyvenv.cfg
Source: KuponcuBaba.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: KuponcuBaba.exeStatic file information: File size 9945512 > 1048576
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: KuponcuBaba.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\python3.pdb source: KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556432245.0000027F02150000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: KuponcuBaba.exe, 00000007.00000002.573058618.00007FFA0ACAD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: _openssl.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.569699537.00007FFA069F8000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: KuponcuBaba.exe, 00000007.00000002.569805697.00007FFA06A20000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32clipboard.pdb source: KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573522589.00007FFA18E34000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: _openssl.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573757806.00007FFA18EA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.5built on: Tue Jul 5 11:53:43 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: _openssl.pyd.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb** source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: KuponcuBaba.exe, 00000001.00000003.287563558.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572480939.00007FFA094C1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.567289329.00007FFA065DB000.00000002.00000001.01000000.00000012.sdmp, unicodedata.pyd.1.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.569402590.00007FFA06970000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573650405.00007FFA18E92000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.574016045.00007FFA1B4D6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573851934.00007FFA18ED3000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573363921.00007FFA13D0D000.00000002.00000001.01000000.00000013.sdmp
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70B2B4B4 push rax; retf FA26h7_2_70B2B4CE
Source: KuponcuBaba.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: python310.dll.1.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.1.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.1.drStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,7_2_70A70C90
Source: _rust.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x18f993
Source: win32clipboard.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xe7ea
Source: _cffi_backend.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x38dc3
Source: pywintypes310.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x2c5f0
Source: _pytransform.dll.1.drStatic PE information: real checksum: 0x125b11 should be: 0x120054
Source: _openssl.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x3d5506

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d7_2_70A22B90
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d7_2_70A227E0
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\pywintypes310.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\libffi-7.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\python310.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI28202\libssl-1_1.dll

Boot Survival

Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d7_2_70A22B90
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d7_2_70A227E0
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8454710 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00007FF6F8454710
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeAPI coverage: 4.1 %
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A97031 GetSystemInfo,7_2_70A97031
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8456940 FindFirstFileExW,FindClose,1_2_00007FF6F8456940
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8470D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6F8470D64
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F84665F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF6F84665F8
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWopti%SystemRoot%\system32\mswsock.dllvailable on all platforms!

Anti Debugging

Source: C:\Users\user\Desktop\KuponcuBaba.exeThread information set: HideFromDebugger
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A95C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6F845A95C
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,7_2_70A70C90
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8472930 GetProcessHeap,1_2_00007FF6F8472930
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,1_2_00007FF6F845A190
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845AB04 SetUnhandledExceptionFilter,1_2_00007FF6F845AB04
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A344 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6F845A344
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8469F80 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6F8469F80
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A95380 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_70A95380
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_00007FF6F845A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,7_2_00007FF6F845A190

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\KuponcuBaba.exeThread register set: target process: 64
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c @echo off
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\certifi VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography-37.0.4.dist-info VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\common VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\common\devtools VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\remote VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8478950 cpuid 1_2_00007FF6F8478950
Source: C:\Users\user\Desktop\KuponcuBaba.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F845A840 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_00007FF6F845A840
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8474DC8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 1_2_00007FF6F8474DC8
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 7_2_70A70CFC GetVersion,GetCurrentThread, 7_2_70A70CFC
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | 1 Native API | 1 Bootkit | 111 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 22 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 111 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
Behavior Graph (ID: 778230, Sample: KuponcuBaba.exe, Startdate: 05/01/2023, Architecture: WINDOWS, Score: 52)

  • KuponcuBaba.exe (started)
    • Dropped: C:\Users\user\AppData\...\win32clipboard.pyd, PE32+
    • Dropped: C:\Users\user\AppData\...\unicodedata.pyd, PE32+
    • Dropped: C:\Users\user\AppData\Local\...\select.pyd, PE32+
    • Dropped: 21 other files (none is malicious)
    • Signature: Contains functionality to infect the boot sector
    • Started: KuponcuBaba.exe
      • DNS/IP: sunucu.troyagame.com 159.253.33.92, 443, 49703, 49704 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR, Turkey)
      • Signature: Modifies the context of a thread in another process (thread injection)
      • Signature: Hides threads from debuggers
      • Started: cmd.exe
      • Started: cmd.exe
      • Started: cmd.exe
    • Started: conhost.exe

| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| KuponcuBaba.exe | 2% | ReversingLabs | |
| KuponcuBaba.exe | 6% | Virustotal | |
| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libcrypto-1_1.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libffi-7.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libssl-1_1.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\python310.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\pywintypes310.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
sunucu.troyagame.com | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sunucu.troyagame.com | 159.253.33.92 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://sunucu.troyagame.com/ | false | Avira URL Cloud: safe | unknown
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://www.quovadisglobal.com/cps0KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlKuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://cryptography.io/en/latest/changelog/KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                                                      high
                                                                                                                      https://mail.python.org/mailman/listinfo/cryptography-devKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                                                        high
                                                                                                                        https://codecov.io/github/pyca/cryptography?branch=mainKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                                                          high
                                                                                                                          https://requests.readthedocs.ioKuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://repository.swisssign.com/KuponcuBaba.exe, 00000007.00000002.562926496.0000027F04BD2000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://w3c.github.io/webdriver/#dfn-strict-file-interactabilityKuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategiesKuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564385194.0000027F05030000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://crl.xrampsecurity.com/XGCA.crlKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://www.apache.org/licenses/LICENSE-2.0KuponcuBaba.exe, 00000001.00000003.298015876.000001A41CE2E000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.298020453.000001A41CE30000.00000004.00000020.00020000.00000000.sdmp, mutation-listener.js.1.drfalse
                                                                                                                                high
                                                                                                                                http://sunucu.troyagame.com/zKuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://www.python.orgKuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.accv.es/legislacion_c.htm0UKuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.securetrust.com/SGCA.crl_KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs
IP:159.253.33.92
Domain:sunucu.troyagame.com
Country:Turkey
ASN:51559
ASN Name:NETINTERNETNetinternetBilisimTeknolojileriASTR
Malicious:false
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:778230
Start date and time:2023-01-05 08:54:13 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 8m 37s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:KuponcuBaba.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal52.evad.winEXE@10/40@2/1
EGA Information:
• Successful, ratio: 100%
HDC Information:Failed
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 71
• Number of non-executed functions: 135
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
No simulations
Match:C:\Users\user\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll
Process:C:\Users\user\Desktop\KuponcuBaba.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):97168
Entropy (8bit):6.424686954579329
Encrypted:false
SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
MD5:A87575E7CF8967E481241F13940EE4F7
SHA1:879098B8A353A39E16C79E6479195D43CE98629E
SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: qv81R5O5Cd.exe, Detection: malicious
• Filename: 853224ac39d813dbb9e806ab0c12f04a.exe, Detection: malicious
• Filename: Search.exe, Detection: malicious
                                                                                                                                                                            • Filename: jixmhul47W.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: updx64.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: laZagne.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: FASBMag_MiR_Dashboard_01.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Update.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Token Grab Link.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Sqk0sXvOsS.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: 65E478D362872F67157091809D8140361513F8118A4A2.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: checker_no_login.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: n.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: nuker.exe.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: silent_vira.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: silent_vira.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: football.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: ShieldGenerator.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: 2FcW2nJG57.exe, Detection: malicious, Browse
                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):80784
                                                                                                                                                                            Entropy (8bit):6.45456109441925
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:hwz7h8B7BjhJCZePYgl/5S8Gh2Nv0DFIGtVQ7Sygj:hwz18BrJCJglhlGINv0RIGtVQej
                                                                                                                                                                            MD5:BCF0D58A4C415072DAE95DB0C5CC7DB3
                                                                                                                                                                            SHA1:8CE298B7729C3771391A0DECD82AB4AE8028C057
                                                                                                                                                                            SHA-256:D7FAF016EF85FDBB6636F74FC17AFC245530B1676EC56FC2CC756FE41CD7BF5A
                                                                                                                                                                            SHA-512:C54D76E50F49249C4E80FC6CE03A5FDEC0A79D2FF0880C2FC57D43227A1388869E8F7C3F133EF8760441964DA0BF3FC23EF8D3C3E72CE1659D40E8912CB3E9BC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):181248
                                                                                                                                                                            Entropy (8bit):6.191174351377468
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:fp5LZ3sgWSqjfy8dBbm/6WnUsHozssS7piSTLkKyS7TlSyQH:fptZ8gW9jrBbQnfIzLIiSTLLymlSy
                                                                                                                                                                            MD5:6F1B90884343F717C5DC14F94EF5ACEA
                                                                                                                                                                            SHA1:CCA1A4DCF7A32BF698E75D58C5F130FB3572E423
                                                                                                                                                                            SHA-256:2093E7E4F5359B38F0819BDEF8314FDA332A1427F22E09AFC416E1EDD5910FE1
                                                                                                                                                                            SHA-512:E2C673B75162D3432BAB497BAD3F5F15A9571910D25F1DFFB655755C74457AC78E5311BD5B38D29A91AEC4D3EF883AE5C062B9A3255B5800145EB997863A7D73
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):119696
                                                                                                                                                                            Entropy (8bit):5.97015025328591
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:RW66GKh4hqyIVQoavMSuthSfrS04ep9x31IGQPm5S:Y6QKtkSu3SfrSGFBS
                                                                                                                                                                            MD5:41A9708AF86AE3EBC358E182F67B0FB2
                                                                                                                                                                            SHA1:ACCAB901E2746F7DA03FAB8301F81A737B6CC180
                                                                                                                                                                            SHA-256:0BD4ED11F2FB097F235B62EB26A00C0CB16815BBF90AB29F191AF823A9FED8CF
                                                                                                                                                                            SHA-512:835F9AA33FDFBB096C31F8AC9A50DB9FAC35918FC78BCE03DAE55EA917F738A41F01AEE4234A5A91FFA5BDBBD8E529399205592EB0CAE3224552C35C098B7843
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):250768
                                                                                                                                                                            Entropy (8bit):6.527857952800466
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:MJFPEV3nLF0eMMCtGzohEgCmUQjYK9qWMa3pLW1AtSrYB4BRWr8k:cPgXLF035tVZCRBQC06nWr8k
                                                                                                                                                                            MD5:D976C5F77A6370CF6F28A5714BF49AE3
                                                                                                                                                                            SHA1:79273EB123A68BA5CB91FF37EE0A82CEE880C2CC
                                                                                                                                                                            SHA-256:FE2BCCB2E204A736ED86A8D16EFFEAFE83B30B44F809349E172142665DE8458A
                                                                                                                                                                            SHA-512:57DF90F9FAF31F81F245A39A14C0784A3FACE4F76F00430DE8CFF2E86B55FA3269CD595119FD093E03709DEBF0888618917CAE5EA5E68F43A8E928861CAA01C5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60304
                                                                                                                                                                            Entropy (8bit):6.093275200649072
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:JV/wp93dN0yIITgu/w521DxBjWO/Z1bbr1IG5ItYiSyvJhKy:GNdeyIaVww1TjWMr1IG5It7Syf
                                                                                                                                                                            MD5:F63DA7F9A4E64148255E9D3885E7A008
                                                                                                                                                                            SHA1:756DC192E7B2932DF147C48F05EC5E38E9AA06E6
                                                                                                                                                                            SHA-256:FA0BB4BF93A6739CE5ADE6A7A69272BBC1227D09C7AFC1C027D6CEA41141BCC6
                                                                                                                                                                            SHA-512:23D06DEF20C3668613392A02832777B27AD5353E1DC246316043B606890445D195A1066FCA65300A5D429319AA2AE2505F9FA3A5AB0F97ABA2717B64AAA07E8D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):154000
                                                                                                                                                                            Entropy (8bit):6.8078458773005055
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:GD6xBrqs+vs0H0q8bnpbVZbXsAIPznfo9mNoK5vSpxpRIGe1y2:GD63rcRLCV+7wYOK50P2
                                                                                                                                                                            MD5:BA3797D77B4B1F3B089A73C39277B343
                                                                                                                                                                            SHA1:364A052731CFE40994C6FEF4C51519F7546CD0B1
                                                                                                                                                                            SHA-256:F904B02720B6498634FC045E3CC2A21C04505C6BE81626FE99BDB7C12CC26DC6
                                                                                                                                                                            SHA-512:5688AE25405AE8C5491898C678402C7A62EC966A8EC77891D9FD397805A5CFCF02D7AE8E2AA27377D65E6CE05B34A7FFDEDF3942A091741AF0D5BCE41628BF7D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1165824
                                                                                                                                                                            Entropy (8bit):7.056422721818035
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:LsZDXB6wmcZzdcZ7fUoPHUEXLznTrenIGHSQt:QZDXB6wmcUfTCHHt
                                                                                                                                                                            MD5:B07455B8C47BBBE0AE685314988C397E
                                                                                                                                                                            SHA1:5464EA83A88BC7BD1054A119C8BB38952C3DCB17
                                                                                                                                                                            SHA-256:30EFA93EC5E967CA5BBBFEFC9970CEDB0806F89E7F10EC59B708A5F853E0DF32
                                                                                                                                                                            SHA-512:42D279952BA8359AD3F71E6696888C662E6F829F614444BE16C97D553C71E06BBA0A2F01BFF6C7FE3CC435C04DF8A4B1FEFFCDDA1E54B4167EE206FAEC59D75E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):27536
                                                                                                                                                                            Entropy (8bit):6.261734078833693
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:smfqkQfdUCUFYS9F6XP6rEhSSVYptTDbPdIG7UcIYiSy1pCQ7Rhp7:spdUC+y6rEhSSVYTPdIG7UNYiSyvdhp7
                                                                                                                                                                            MD5:E6BB918CC02CD270BAD449875577427C
                                                                                                                                                                            SHA1:5B22420AE4170858A6A2AA04A54ADC26B9A8051C
                                                                                                                                                                            SHA-256:2D8B41DAD8A8506870E6F2E2A5856C6C6C68A219F18BD88AD79C63CFA1366B1F
                                                                                                                                                                            SHA-512:B19353E0DF213525C466D5CB80F362AB1A22EAF9940F742B59DF1C2842E49594DB87A5119289DCA616FDFA3E808C7CEB26906E0FF8723AFC80AF768496FACA9C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):75152
                                                                                                                                                                            Entropy (8bit):6.147254943521508
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:z1XB7kEDATyhAZ9/s+S+pxyXc/+lf7PdIGQwP7Syr:ZXB4EDXhAZ9/sT+px8c/Sz1IGQwP9
                                                                                                                                                                            MD5:79C2FF05157EF4BA0A940D1C427C404E
                                                                                                                                                                            SHA1:17DA75D598DEAA480CDD43E282398E860763297B
                                                                                                                                                                            SHA-256:F3E0E2F3E70AB142E7CE1A4D551C5623A3317FB398D359E3BD8E26D21847F707
                                                                                                                                                                            SHA-512:F91FC9C65818E74DDC08BBE1CCEA49F5F60D6979BC27E1CDB2EF40C2C8A957BD3BE7AEA5036394ABAB52D51895290D245FD5C9F84CC3CC554597AE6F85C149E1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):156560
                                                                                                                                                                            Entropy (8bit):5.942876418107184
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:RYNRsSzeOfeC1uHv8MmouyETvb8VqH70NmHh4kwooSLteSdo9dRIGt7+ig:RYjPzeOfeYMvZuyvV0Dtho9dVg
                                                                                                                                                                            MD5:1ED0EF72A40268E300A611BA4AB20DFD
                                                                                                                                                                            SHA1:4D04D5911A6ED422308EA11D7B15821AF8F62585
                                                                                                                                                                            SHA-256:5860FE208122219A4071CC369D5001EDC3B08C13BD96156ABD1375E35401ACD0
                                                                                                                                                                            SHA-512:F72EA051ED50A09561414FC41D837C03CE44BE9D8E4C39F59133DD8A092C9F13FC942C58DC8517EDC149CAA3BF7D94FA6BDBE88CABC8CB3C6A02428676572F3E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):21392
                                                                                                                                                                            Entropy (8bit):6.271052728197517
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:WvEaNKFDyeTxXK5DFIGewqcIYiSy1pCQIQhwv:WTNK4e9XK5DFIGewgYiSyvJhwv
                                                                                                                                                                            MD5:0162EDE31051183D9E23BADA8B7FD0AA
                                                                                                                                                                            SHA1:F4AD798660B81E9BFBBEC6E44BD5C4BFFCF5F3B2
                                                                                                                                                                            SHA-256:8F1C0151485055E65F174D779CFEFD2FAE601CA52F556EE3880E417EA6E43187
                                                                                                                                                                            SHA-512:17A5AF2CD7A9603F31BB3B796DAE13BA157886A4BC05665780FD54C1E30F1FAD76648D56E35C18E2B0C1379D1A83EC98CC97AB2DC4E968FE8D648DB3341C2201
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):831571
                                                                                                                                                                            Entropy (8bit):5.700814153772732
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:gVghg9FMWyrVqF3IUQA4a2Y4dgVwOlfJEW4XSgMNn:gVghVVrDLa2oVwOlfJEW4fMNn
                                                                                                                                                                            MD5:0FFE117C16F44A32C0AED0080D4AE966
                                                                                                                                                                            SHA1:7F8317DE4FFA0ED54AA53AF202AED0F297ED1913
                                                                                                                                                                            SHA-256:28C1EFDFCF212AFFBD33649E3BAFA33D55F00AF5EC6BBF94692DF56FDC3D3B59
                                                                                                                                                                            SHA-512:4FD0C1C4C512DD0A7E35E2206619AFBFC9513BD96B160F9851CECBBA18ED2F128BB3817B30DA925D1515C3D484497C1B9C1139328BA4478023340693D4ECBE8C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):285222
                                                                                                                                                                            Entropy (8bit):6.049584029751259
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
                                                                                                                                                                            MD5:B18E918767D99291F8771414B76A8E65
                                                                                                                                                                            SHA1:EA544791B23E4A8F47ACE99B9D08B3609D511293
                                                                                                                                                                            SHA-256:A59FDE883A0EF9D74AB9DAD009689E00173D28595B57416C98B2EE83280C6E4C
                                                                                                                                                                            SHA-512:78A4EAC65754FB8D37C1DA85534D6E1DD0EB2B3535EF59D75C34A91D716AFC94258599B1078C03A4B81E142945B13E671EC46B5F2FCB8C8C46150AE7506E0D8D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:pip.
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):329
                                                                                                                                                                            Entropy (8bit):4.603126991268486
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:h9Co8FMjkDYc5tWreLBF/fIKY2mHxXaASvUSBT5+FLkYjivW:h9aWjM/mrGz3IKZvUSBT5+Jxi+
                                                                                                                                                                            MD5:8F65F43B29FEA29D36A0E6E551CCA681
                                                                                                                                                                            SHA1:DEF52585EE54F0B8841A097B871ABD5F5E94DB10
                                                                                                                                                                            SHA-256:970C6BC0FAB59117A0B65E9A6D5F787A991BEBE82AFF32A01C4E1A6E02F4E105
                                                                                                                                                                            SHA-512:A5DED62228355C40533E53592164CE9BF511D5F0B98478AD91558626DA02BD6D85185B8DA767338692C60ECB4AB6CBFB2E97EEE6530101A3AFF04CE8087687E8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses..found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made..under the terms of *both* these licenses.....The code used in the OS random engine is derived from CPython, and is licensed..under the terms of the PSF License Agreement...
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11562
                                                                                                                                                                            Entropy (8bit):4.476412280491683
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:qf9fG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SgfH2:k1u9b01DY/rGBt+dc+aclkT8Sg+
                                                                                                                                                                            MD5:D3DC5ABBDBEF739DCFF4631C8026D71C
                                                                                                                                                                            SHA1:DABFE012BF7944B938C95845769414C1D5FA8BB9
                                                                                                                                                                            SHA-256:E8DE1A7393457E9C88768B78E6BA790622FBEFB040CE48194C2CB0F1B6D4E9FF
                                                                                                                                                                            SHA-512:C8245BD674A2EDB3CE191EC42E701E3E78AEFA3822846604EE0A8FBBB5D62B5372BE07EC8D4D1DD8F6E1DDFE65DAB1136FEE6917FF24445286EFEF99F908ECA2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.. Apache License.. Version 2.0, January 2004.. https://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, o
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1559
                                                                                                                                                                            Entropy (8bit):5.097091815591564
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:NOWJbPrYJ0NCPiB432sVoY32s3EiP3tQHy:gWJbPrYJUNu3J3zVSS
                                                                                                                                                                            MD5:07BFF60D258208652DF09D36F7F94844
                                                                                                                                                                            SHA1:E37EC74CF1EC6B540A511EA75E04C3429DB39C57
                                                                                                                                                                            SHA-256:661D18932DD84BB263A8EE418AB7774ED94EEC33C83FD1DB5B533F78EB774CA4
                                                                                                                                                                            SHA-512:049659D6AC6681E209F30E1A6A12BA6118BEB96F032FD3E2583686EA562068E311C61CCD0785B0FC343ECBA094955C972ABCF9AE9B0A4503C56131F1A59A6F83
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Copyright (c) Individual contributors...All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are met:.... 1. Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer..... 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... 3. Neither the name of PyCA Cryptography nor the names of its contributors.. may be used to endorse or promote products derived from this software.. without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2456
                                                                                                                                                                            Entropy (8bit):5.053763055088611
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:xUXkp7vXkzpXFlYPXc/XFbwDt3XF2iDPGkvAuXF1f0T2sMtQVHiioTxmynXh2XFQ:KXwDXklHYPXaAt3ZSkYuyCQ4hTcynx26
                                                                                                                                                                            MD5:36F8D9BAB4000E435033D3CDB2E85E9B
                                                                                                                                                                            SHA1:003076B91D93233F389AB5DB052C04386620BB76
                                                                                                                                                                            SHA-256:C2ED0F2724ACA6CEC716CE169FD22C91B79A21FF625C3725D5C71BE1A7977430
                                                                                                                                                                            SHA-512:48396B8D7DD14A10C3941788DFED9FF0699C413328FA086CF1D7DCB5E4ED538AEC98541A758B169E271C3DD9BE6056E2EEA0853A6F6DA9C44D865718425DBF9E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and.. the Individual or Organization ("Licensee") accessing and otherwise using Python.. 2.7.12 software in source or binary form and its associated documentation.....2. Subject to the terms and conditions of this License Agreement, PSF hereby.. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,.. analyze, test, perform and/or display publicly, prepare derivative works,.. distribute, and otherwise use Python 2.7.12 alone or in any derivative.. version, provided, however, that PSF's License Agreement and PSF's notice of.. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights.. Reserved" are retained in Python 2.7.12 alone or in any derivative version.. prepared by Licensee.....3. In the event Licensee prepares a derivative work that is based on or.. incorporates Python 2.7.12 or any part thereof, and wants to make the.. derivative work
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5434
                                                                                                                                                                            Entropy (8bit):5.111366191178416
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:DDhVUvQIUQIhQIKQILbQIRIaMmPktjxsx5nv1AnivAEYaCjF0ErDmpklE2jQecwX:oYcPuPfsBvunivAEYaCjF0ErDmpklE2x
                                                                                                                                                                            MD5:103327F82BD07D33530E95181C94F9A5
                                                                                                                                                                            SHA1:852A8DCE3B0232BD6E5943CF61FB51778D53EB9B
                                                                                                                                                                            SHA-256:C5344000C01BDDC1EA5B57170A174AF535CE586DA0861CFEB1D7E6457BD7AEA5
                                                                                                                                                                            SHA-512:986EFCD2816F5A4A765CDA90BBBADD1E4F5D3553E2ECA49F6F277CBC7B33D5DDF38E472FC2CE1F13AFC1ABABC74C04020E0A9B48E0A22F8E2FF14A897B167FD3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: cryptography.Version: 37.0.4.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD-3-Clause OR Apache-2.0.Project-URL: Documentation, https://cryptography.io/.Project-URL: Source, https://github.com/pyca/cryptography/.Project-URL: Issues, https://github.com/pyca/cryptography/issues.Project-URL: Changelog, https://cryptography.io/en/latest/changelog/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Class
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15889
                                                                                                                                                                            Entropy (8bit):5.542903319592049
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:DXNhudIBxy0jX1sjzarQ4Oy3W1HepPNyZGBDLkae:Dvu6BjTLLC
                                                                                                                                                                            MD5:28DD4D29EDE55272C2BDCD4128D20BFF
                                                                                                                                                                            SHA1:715A6C1D5D8CD44CBFC4872BBE803AB5716F7B49
                                                                                                                                                                            SHA-256:DEF15B76024668207D2EAA70A78E867415E17B6C9651F3D17C49B54F1FC3D2B4
                                                                                                                                                                            SHA-512:B4E6216E4D80006A25916C61386D6A728394834A424164E7E067C1770200427FF3BF39810A92A3F69B14701813075661146FEB186949A135CA841B1C004C6E19
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:cryptography-37.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-37.0.4.dist-info/LICENSE,sha256=lwxrwPq1kRegtl6abV94epkb6-gq_zKgHE4abgL04QU,329..cryptography-37.0.4.dist-info/LICENSE.APACHE,sha256=6N4ac5NFfpyIdot45rp5BiL777BAzkgZTCyw8bbU6f8,11562..cryptography-37.0.4.dist-info/LICENSE.BSD,sha256=Zh0Yky3YS7JjqO5Bird3TtlO7DPIP9HbW1M_eOt3TKQ,1559..cryptography-37.0.4.dist-info/LICENSE.PSF,sha256=wu0PJySsps7HFs4Wn9IskbeaIf9iXDcl1ccb4aeXdDA,2456..cryptography-37.0.4.dist-info/METADATA,sha256=xTRAAMAb3cHqW1cXChdK9TXOWG2ghhz-sdfmRXvXrqU,5434..cryptography-37.0.4.dist-info/RECORD,,..cryptography-37.0.4.dist-info/WHEEL,sha256=nYCSW5p8tLyDU-wbqo3uRlCluAzwxLmyyRK2pVs4-Ag,100..cryptography-37.0.4.dist-info/top_level.txt,sha256=zYbdX67v4JFZPfsaNue7ZV4-mgoRqYCAhMsNgt22LqA,22..cryptography/__about__.py,sha256=faxkUiE2bBSzSgtjgJ-beVDEW-CO_1hPe1MuwUZbzc0,432..cryptography/__init__.py,sha256=nhedhGi0RRlu5-T65qB364Q-onagWl0wvDZym5NaL2w,777..cryptography/__pycach
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):100
                                                                                                                                                                            Entropy (8bit):5.000336540814903
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlViZHKRRP+tkKc5vKQLn:RtBMwlViojWK/SQLn
                                                                                                                                                                            MD5:FD7C45A29F7B2371E832F4D0A8B2DB64
                                                                                                                                                                            SHA1:D2227C6F4CD8A948E4A4CA6BF2592E9700383EB1
                                                                                                                                                                            SHA-256:9D80925B9A7CB4BC8353EC1BAA8DEE4650A5B80CF0C4B9B2C912B6A55B38F808
                                                                                                                                                                            SHA-512:AEF644A24B948DC30C2097D53CD5D412C85958E7846720F4E3693F42924597F6924BD24E1B083B2EC57E7BA08C54DBDCA3C1AE73AC2322CD1A575F06BB4D1D90
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):22
                                                                                                                                                                            Entropy (8bit):3.7887549139935035
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:DA1JEOv:DUVv
                                                                                                                                                                            MD5:6DB3CE9E78C8F56F58CDF1B221C0884B
                                                                                                                                                                            SHA1:D8D1BA8EE6C2A5EED9CB39B170EE08012AB41E11
                                                                                                                                                                            SHA-256:CD86DD5FAEEFE091593DFB1A36E7BB655E3E9A0A11A9808084CB0D82DDB62EA0
                                                                                                                                                                            SHA-512:6F8AB5DA07A237C2BD6DA073A66125EB0CA754389CB84671D68D0DA4122AD6DDA58336900B1100D235814B16EFB970A2C3FBAF91B82366808DAA81A63EAE31AE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:_openssl.cryptography.
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3962880
                                                                                                                                                                            Entropy (8bit):6.5600156596934625
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:LIU6ioeGtlqTVwASOICDs+JhX3wHqg+dhptXdqCHJYN1QwhIC4Fjz80nciTOzNqm:k+IkEs7JYNgFjz80cDh1YFZdZBT
                                                                                                                                                                            MD5:8A2C06F1015C438CB38FFE8B1CDAD831
                                                                                                                                                                            SHA1:A3FBED5033E9658043D18AF54543D7938037E08F
                                                                                                                                                                            SHA-256:811441D49208C88B7B6B7133A9FD8F2FB969659563D3F2C80584D2F12338E020
                                                                                                                                                                            SHA-512:7FD89967A4C8A041D6949AE37C0544E7694ADE9055AB828C25ADD4D0359E170BF6543BAFD2EC4B8116ABEFB176B26229C730F3D085983718E0100AAE659F3CE1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1593344
                                                                                                                                                                            Entropy (8bit):6.148502058477941
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:j/bXNabjIX1FSCD2Ai8tExl6/RA11zz5Wp3BabkGon9wC3f+um4aFu:PQjIX1FSCD2Ai8tE2aYUz
                                                                                                                                                                            MD5:3C96F548076A8A0587517DB899FB09AE
                                                                                                                                                                            SHA1:36F252F529DD6DFB0E3A5FD0298EE817DCFED8BD
                                                                                                                                                                            SHA-256:8168767337ED93D3341C583F1D8B0CF8956C3CDF3BD6428AF7A3DDBAF206CC08
                                                                                                                                                                            SHA-512:3EB7665F7D0D70530F7BED28DD0606FAF97D7A2EA1277D302301EDC278AB0AB79DCAECC1F89591211F2B63478F6984395754029B91A127163CC2271D24ED51D9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3438840
                                                                                                                                                                            Entropy (8bit):6.094542623790425
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:DTKuk2HvIU6iwpOjPWBdwQN+5X2uyWsrV4+OGyu1BYGx6KCIrA9NPe0Cs5Z1CPwE:Pg+Hb5Wt+2BoBIcU0CsD1CPwDv3uFfJZ
                                                                                                                                                                            MD5:63C756D74C729D6D24DA2B8EF596A391
                                                                                                                                                                            SHA1:7610BB1CBF7A7FDB2246BE55D8601AF5F1E28A00
                                                                                                                                                                            SHA-256:17D0F4C13C213D261427EE186545B13EF0C67A99FE7AD12CD4D7C9EC83034AC8
                                                                                                                                                                            SHA-512:D9CF045BB1B6379DD44F49405CB34ACF8570AED88B684D0AB83AF571D43A0D8DF46D43460D3229098BD767DD6E0EF1D8D48BC90B9040A43B5469CEF7177416A2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32792
                                                                                                                                                                            Entropy (8bit):6.3566777719925565
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):698104
                                                                                                                                                                            Entropy (8bit):5.531132600342763
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:tgH+zxL52Y1Ag5EbSJyin89m8GXfbmednWAeO6GKaf525eWP8U2lvzI:DD1Ag5h/L5mO6GVf52se8U2lvzI
                                                                                                                                                                            MD5:86556DA811797C5E168135360ACAC6F2
                                                                                                                                                                            SHA1:42D868FC25C490DB60030EF77FBA768374E7FE03
                                                                                                                                                                            SHA-256:A594FC6FA4851B3095279F6DC668272EE975E7E03B850DA4945F49578ABE48CB
                                                                                                                                                                            SHA-512:4BA4D6BFFF563A3F9C139393DA05321DB160F5AE8340E17B82F46BCAF30CBCC828B2FC4A4F86080E4826F0048355118EF21A533DEF5E4C9D2496B98951344690
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):192400
                                                                                                                                                                            Entropy (8bit):6.331661708582381
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:7UV1H8t//ZpdhxqMO2lr9JuB9OSH4ZCXRfWiTayyTvfvaycv0XOgeEnnRPcsR+2U:yVG/Ddh5r9JuB0SDfV9yTvfvx+Zj
                                                                                                                                                                            MD5:F3630FA0CA9CB85BFC865D00EF71F0AA
                                                                                                                                                                            SHA1:F176FDB823417ABEB54DAED210CF0BA3B6E02769
                                                                                                                                                                            SHA-256:AC1DFB6CDEEADBC386DBD1AFDDA4D25BA5B9B43A47C97302830D95E2A7F2D056
                                                                                                                                                                            SHA-512:B8472A69000108D462940F4D2B5A611E00D630DF1F8D6041BE4F7B05A9FD9F8E8AA5DE5FE880323569AC1B6857A09B7B9D27B3268D2A83A81007D94A8B8DA0FF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):62352
                                                                                                                                                                            Entropy (8bit):5.969350602670095
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:4st8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJ1:Ttwewnvtjnsfw9PdIGQ0P7Sy1R
                                                                                                                                                                            MD5:C38E9571F33898EB9F3DA53DC29B512F
                                                                                                                                                                            SHA1:5BE348C829B6DFA008D0DD239414AD388E5D7ACE
                                                                                                                                                                            SHA-256:70596AEA8C5CA8F3BF88E46A0606522413B50208EC9FCC6B706F7A064CF83B79
                                                                                                                                                                            SHA-512:1704BE273E3485013282C269FC974558683204639FCCFB46E6EB640C64A0769A21572A07EE62FE1D5EB1EED4D1419F2293D6E4FD8193CAAFE128C6D66BD48F6E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4453776
                                                                                                                                                                            Entropy (8bit):6.4554098557218
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:wplyWz2QcN6iPdzYjz0AMs9Kt2KnX0OCpFLoFnAcECdNCsugztL0DD9fIysVHkDx:sximj29G5H+ywH+MWqlgdMW
                                                                                                                                                                            MD5:C6C37B848273E2509A7B25ABE8BF2410
                                                                                                                                                                            SHA1:B27CFBD31336DA1E9B1F90E8F649A27154411D03
                                                                                                                                                                            SHA-256:B7A7F3707BEAB109B66DE3E340E3022DD83C3A18F444FEB9E982C29CF23C29B8
                                                                                                                                                                            SHA-512:222AD791304963A4B8C1C6055E02C0C4C47FCE2BB404BD4F89C022FF9706E29CA6FA36C72350FBF296C8A0E3E48E3756F969C003DD1EB056CD026EFE0B7EBA40
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):137216
                                                                                                                                                                            Entropy (8bit):6.005880156088182
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:bnfstBwsNJzuMZnYrrC0DdZLN+yeLEKoPUZlB+u:zGys7KoYrrC0LxeYK4UZlB
                                                                                                                                                                            MD5:A44F3026BAF0B288D7538C7277DDAF41
                                                                                                                                                                            SHA1:C23FBDD6A1B0DC69753A00108DCE99D7EC7F5EE3
                                                                                                                                                                            SHA-256:2984DF073A029ACF46BCAED4AA868C509C5129555ED70CAC0FE2235ABDBA6E6D
                                                                                                                                                                            SHA-512:9699A2629F9F8C74A7D078AE10C9FFE5F30B29C4A2C92D3FCD2096DC2EDCEB71C59FD84E9448BB0C2FB970E2F4ADE8B3C233EBF673C47D83AE40D12A2317CA98
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):26000
                                                                                                                                                                            Entropy (8bit):6.339693503329678
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:NUTqPjk/7e12hwheCPHqqYBsVRXPdIG7GxIYiSy1pCQFC67hEQ:iTgUC2hwh7HqbYVPdIG7GmYiSyvD7hF
                                                                                                                                                                            MD5:431464C4813ED60FBF15A8BF77B0E0CE
                                                                                                                                                                            SHA1:9825F6A8898E38C7A7DDC6F0D4B017449FB54794
                                                                                                                                                                            SHA-256:1F56DF23A36132F1E5BE4484582C73081516BEE67C25EF79BEEE01180C04C7F0
                                                                                                                                                                            SHA-512:53175384699A7BB3B93467065992753B73D8F3A09E95E301A1A0386C6A1224FA9ED8FA42C99C1FFBCFA6377B6129E3DB96E23750E7F23B4130AF77D14AC504A0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1944
                                                                                                                                                                            Entropy (8bit):4.675116854336413
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:G+SxKWxZZCg10kH11G4UQzNgxgWLlAziLhVGYTo:G+SQWbZC8hHnG4JRgxgWOJ
                                                                                                                                                                            MD5:81F59E36BDE07E051C3CB92A4986B327
                                                                                                                                                                            SHA1:676E0A28A5A1353E89469ACAAD1B08ADC62C795D
                                                                                                                                                                            SHA-256:2C2083C9A49F65C510D68D3620A57D4DFEDC8DC0FCC32524C1CCB11C6329EA07
                                                                                                                                                                            SHA-512:02562FC9AC369BC1994934B371DB8D550638430CBC7F7729DD7B3A95E90F4E53A205A62318803D021041DE362B0ED47752AD910CBDC742BEF6645A20AA96A1FA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:// Licensed to the Software Freedom Conservancy (SFC) under one.// or more contributor license agreements. See the NOTICE file.// distributed with this work for additional information.// regarding copyright ownership. The SFC licenses this file.// to you under the Apache License, Version 2.0 (the.// "License"); you may not use this file except in compliance.// with the License. You may obtain a copy of the License at.//.// http://www.apache.org/licenses/LICENSE-2.0.//.// Unless required by applicable law or agreed to in writing,.// software distributed under the License is distributed on an.// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY.// KIND, either express or implied. See the License for the.// specific language governing permissions and limitations.// under the License...(function () {. const observer = new MutationObserver((mutations) => {. for (const mutation of mutations) {. switch (mutation.type) {. case 'attributes':. // Don't report
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2826
                                                                                                                                                                            Entropy (8bit):4.690644304617203
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:9SVI+Lhz3Oa0KUP8OZsUR4lckTgo6OxRLi//FPa+tLkglKgfgfOHSllrK/rTDzL+:/+trOa0KUP8OZ4ZUFPa+tAFEkOy7aTD+
                                                                                                                                                                            MD5:648D3DABABB0C714EE9A2D4A8FA4E39F
                                                                                                                                                                            SHA1:762AC0A8D883C8C05059F1815A35F6B55464B7C2
                                                                                                                                                                            SHA-256:946ADD298A5E2346E3D53D1CBE8AD7C33E4994130511F6D8B79268BE50B7A34C
                                                                                                                                                                            SHA-512:51B2ED36C8BB61EBA99406492B2F6928DB0DB413A8F60E30FDAB74D689247B8C83F0E790D8F6AEE370E0F2E27FD565F4A87608CDC547C752514F1476E6DC89AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{. "frozen": {. "app.update.auto": false,. "app.update.enabled": false,. "browser.displayedE10SNotice": 4,. "browser.download.manager.showWhenStarting": false,. "browser.EULA.override": true,. "browser.EULA.3.accepted": true,. "browser.link.open_external": 2,. "browser.link.open_newwindow": 2,. "browser.offline": false,. "browser.reader.detectedFirstArticle": true,. "browser.safebrowsing.enabled": false,. "browser.safebrowsing.malware.enabled": false,. "browser.search.update": false,. "browser.selfsupport.url" : "",. "browser.sessionstore.resume_from_crash": false,. "browser.shell.checkDefaultBrowser": false,. "browser.tabs.warnOnClose": false,. "browser.tabs.warnOnOpen": false,. "datareporting.healthreport.service.enabled": false,. "datareporting.healthreport.uploadEnabled": false,. "datareporting.healthreport.service.firstRun": false,. "datareporting.healthreport.logging.consoleEnabled": false,. "datareporting.poli
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (2269)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):53824
                                                                                                                                                                            Entropy (8bit):5.477971537716615
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:AXJFPWr+DEqXMn9XM3UkGdEMT8TZZ/6B0clWuF2ZCtYuSn6B:ITU7dW62clW02s3
                                                                                                                                                                            MD5:9E69F9A88022723BC82E0591C5E157C4
                                                                                                                                                                            SHA1:C081C09A148FE317F740A3F0054DF6579BF60A96
                                                                                                                                                                            SHA-256:79C706A9230B156A30EE530803CFD87C0AC06BA5FECFED2243D1D60529C1113A
                                                                                                                                                                            SHA-512:2856971F9CB3BCA8887F9BB84E66610750366402B4B80892AC1269EB9D6078FD546AECFFB048CE0E5EA9027B276C51414594CC7052292076D74972414FD3C638
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1587)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):43157
                                                                                                                                                                            Entropy (8bit):5.4711439829805295
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:V7p/8YXWW4BJinqX46z3wlU0koCF2TPO2bRmeJbNV9c:V7p/JWFBJinqXNm3nCwPgAc
                                                                                                                                                                            MD5:F05A5E91E83CD5CA39FBDED566E30E4C
                                                                                                                                                                            SHA1:A7273098A868272944881E6F87838E69CDF9DB44
                                                                                                                                                                            SHA-256:2186EA70072C63DDB4AD89F2315A7909A9B4A97F52A69957C74DA72641CDAE6A
                                                                                                                                                                            SHA-512:72819C5DDA934955C9F35ECD8724AF965634C1C50B530A81D48A4F167CC815A896180E414790BC0E33C8BC4176C8C777AAB01D3C47C7FFE2818C242EDE8160AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1724)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):43996
                                                                                                                                                                            Entropy (8bit):5.482916356843218
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:i5WDMeWWcwpdin/XLwXEWb1sHddFZ/R0o7BnF6LRkVZhYiJEKLuP:i50VWWppdin/Xk7buHdp/R0cF6+VZhzW
                                                                                                                                                                            MD5:B3122D6B9700A669111247D95460AC05
                                                                                                                                                                            SHA1:A14AF0130FC408719B1BA1AF81C03F54AC9D3F20
                                                                                                                                                                            SHA-256:EBDA4033FAA32130BFCA4B7A0B3DF41565A99301DF9331054B18F7932B34C388
                                                                                                                                                                            SHA-512:B74BACEBDE59767E18151F5A6E9E735C0243ADA4915BC1B9BBBFE276ADF4830D4B071C1A7AFE52E7A7558A8F9D3C464F329748CAB67864BAEBF05D5E398C7ED4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1118608
                                                                                                                                                                            Entropy (8bit):5.375765997910847
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:ArlBMmuZ63NNQCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOVg:mlBuqZV0m81MMREtV6Vo4uYOVg
                                                                                                                                                                            MD5:D1182BA27939104010B6313C466D49FF
                                                                                                                                                                            SHA1:7870134F41BA5333294C927DBD77D3F740AC87E7
                                                                                                                                                                            SHA-256:1AC171F51CC87F268617B4A635B2331D5991D987D32BB206DD4E38033449C052
                                                                                                                                                                            SHA-512:EF26A2C8B0094792E10CEABBF4D11724A9368D96F888240581A15D7A551754C1484F6B2ED1B963A73B686495C7952D9CB940021028D4F230B0B47D0794607D0F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):27648
                                                                                                                                                                            Entropy (8bit):5.45361083133999
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:A2hm1rbrcX2HtDD7qxukRVCsdRHSAHjB9SJcE4H0Kuyw:+1rbdleFRVCmRD3RGy
                                                                                                                                                                            MD5:C8C57F29DA0D5D46ECEB2FD58BA83865
                                                                                                                                                                            SHA1:217DFF02763F01A5F91615C27BA912453775A5DE
                                                                                                                                                                            SHA-256:E48C71D64001EA62C232EE43FEF7C27BA6268E217B2B81666705BE33D9E12EC9
                                                                                                                                                                            SHA-512:EECC4C57609E914B1C9E9E64C30B2257C9AD763C75E919AB50122D72D911723111A86638E3D288F61994EA7FAEAFA2CFDE1CF3D2407D622CB14F901FFF6C45B4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
File type: PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit): 7.9935693044459875
TrID:
• Win64 Executable Console (202006/5) 77.37%
• InstallShield setup (43055/19) 16.49%
• Win64 Executable (generic) (12005/4) 4.60%
• Generic Win/DOS Executable (2004/3) 0.77%
• DOS Executable Generic (2002/1) 0.77%
File name: KuponcuBaba.exe
File size: 9945512
MD5: d6c3bf64cc7cb131d467246ce5a4c455
SHA1: 2ea0b0bda586aeaef818445f48eae6edca8b9901
SHA256: d91890315262e8a77c565b54baa5f82cbd32451bbe4293bcd8b1918a3d2e0aa1
SHA512: 7048d585c96d7a0c96154e5dd29d47379713f31e68404f04b582d5798c5bfe2980ea8220e78de7962b0b4e2fe8dbf2884298d9f8c25b258a05574da7b310ea7e
SSDEEP: 196608:F4FR1/wbITLwOjUqamvdsCncq4njQthsiHz5n7kMJgyZetlaFPhavejj:iR1obI/hvaCncvnKhsAn7LJ0tMXIej
TLSH: ACA63344B7A048F8F877517C8027CA1ADAB2B8922722C15B077A83775F433E25E7B759
Icon Hash: f0c6a08292d6c6d4
Entrypoint: 0x14000a330
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x63A3C1AB [Thu Dec 22 02:32:11 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 2
File Version Major: 5
File Version Minor: 2
Subsystem Version Major: 5
Subsystem Version Minor: 2
Import Hash: 0bbecc8e9f9f17b0ea9cc3899b15e5cf
                                                                                                                                                                            Instruction
                                                                                                                                                                            dec eax
                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                            call 00007F91D8E4326Ch
                                                                                                                                                                            dec eax
                                                                                                                                                                            add esp, 28h
                                                                                                                                                                            jmp 00007F91D8E42BCFh
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            inc eax
                                                                                                                                                                            push ebx
                                                                                                                                                                            dec eax
                                                                                                                                                                            sub esp, 20h
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov ebx, ecx
                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                            call dword ptr [0001FDC3h]
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov ecx, ebx
                                                                                                                                                                            call dword ptr [0001FDB2h]
                                                                                                                                                                            call dword ptr [0001FD3Ch]
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                            mov edx, C0000409h
                                                                                                                                                                            dec eax
                                                                                                                                                                            add esp, 20h
                                                                                                                                                                            pop ebx
                                                                                                                                                                            dec eax
                                                                                                                                                                            jmp dword ptr [0001FDA8h]
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [esp+08h], ecx
                                                                                                                                                                            dec eax
                                                                                                                                                                            sub esp, 38h
                                                                                                                                                                            mov ecx, 00000017h
                                                                                                                                                                            call dword ptr [0001FD94h]
                                                                                                                                                                            test eax, eax
                                                                                                                                                                            je 00007F91D8E42D69h
                                                                                                                                                                            mov ecx, 00000002h
                                                                                                                                                                            int 29h
                                                                                                                                                                            dec eax
                                                                                                                                                                            lea ecx, dword ptr [00041CEAh]
                                                                                                                                                                            call 00007F91D8E42F2Eh
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov eax, dword ptr [esp+38h]
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [00041DD1h], eax
                                                                                                                                                                            dec eax
                                                                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                                                                            dec eax
                                                                                                                                                                            add eax, 08h
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [00041D61h], eax
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov eax, dword ptr [00041DBAh]
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [00041C2Bh], eax
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov eax, dword ptr [esp+40h]
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [00041D2Fh], eax
                                                                                                                                                                            mov dword ptr [00041C05h], C0000409h
                                                                                                                                                                            mov dword ptr [00041BFFh], 00000001h
                                                                                                                                                                            mov dword ptr [00000009h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b8e4 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1cb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54000 | 0x754 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x392c0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39180 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x287b0 | 0x28800 | False | 0.5567551601080247 | zlib compressed data | 6.497436024881472 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x1246a | 0x12600 | False | 0.5137117346938775 | data | 5.832751054611758 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103e8 | 0xe00 | False | 0.130859375 | data | 1.806338290884056 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | False | 0.4762178308823529 | data | 5.314207607074194 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | False | 0.39453125 | data | 2.8411284312485376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x1cb8 | 0x1e00 | False | 0.334375 | data | 5.206372071267865 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x54000 | 0x754 | 0x800 | False | 0.54345703125 | data | 5.23056010770353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x520e8 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 | |
RT_GROUP_ICON | 0x53710 | 0x14 | data | |
RT_MANIFEST | 0x53724 | 0x591 | XML 1.0 document, ASCII text, with CRLF line terminators | |
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, FreeLibrary, LoadLibraryExW, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, GetStartupInfoW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2023 08:55:27.388087988 CET | 49703 | 80 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.447922945 CET | 80 | 49703 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.448067904 CET | 49703 | 80 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.453983068 CET | 49703 | 80 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.513797045 CET | 80 | 49703 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.513875961 CET | 80 | 49703 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.547445059 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.547523022 CET | 443 | 49704 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.547619104 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.570631981 CET | 49703 | 80 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.602269888 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.602312088 CET | 443 | 49704 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.744771957 CET | 443 | 49704 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.746862888 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.746901989 CET | 443 | 49704 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.748678923 CET | 443 | 49704 | 159.253.33.92 | 192.168.2.5
Jan 5, 2023 08:55:27.748784065 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
Jan 5, 2023 08:55:27.750565052 CET | 49704 | 443 | 192.168.2.5 | 159.253.33.92
                                                                                                                                                                            Jan 5, 2023 08:55:27.750575066 CET44349704159.253.33.92192.168.2.5
                                                                                                                                                                            Jan 5, 2023 08:55:27.750881910 CET44349704159.253.33.92192.168.2.5
                                                                                                                                                                            Jan 5, 2023 08:55:27.750904083 CET49704443192.168.2.5159.253.33.92
                                                                                                                                                                            Jan 5, 2023 08:55:27.750943899 CET49704443192.168.2.5159.253.33.92
                                                                                                                                                                            Jan 5, 2023 08:55:27.751301050 CET4970380192.168.2.5159.253.33.92
                                                                                                                                                                            Jan 5, 2023 08:55:27.810822964 CET8049703159.253.33.92192.168.2.5
                                                                                                                                                                            Jan 5, 2023 08:55:27.810923100 CET4970380192.168.2.5159.253.33.92
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2023 08:55:27.285583019 CET | 51441 | 53 | 192.168.2.5 | 8.8.8.8
Jan 5, 2023 08:55:27.376822948 CET | 53 | 51441 | 8.8.8.8 | 192.168.2.5
Jan 5, 2023 08:55:27.527105093 CET | 49177 | 53 | 192.168.2.5 | 8.8.8.8
Jan 5, 2023 08:55:27.544616938 CET | 53 | 49177 | 8.8.8.8 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2023 08:55:27.285583019 CET | 192.168.2.5 | 8.8.8.8 | 0xff23 | Standard query (0) | sunucu.troyagame.com | A (IP address) | IN (0x0001) | false
Jan 5, 2023 08:55:27.527105093 CET | 192.168.2.5 | 8.8.8.8 | 0xdf93 | Standard query (0) | sunucu.troyagame.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2023 08:55:27.376822948 CET | 8.8.8.8 | 192.168.2.5 | 0xff23 | No error (0) | sunucu.troyagame.com | | 159.253.33.92 | A (IP address) | IN (0x0001) | false
Jan 5, 2023 08:55:27.544616938 CET | 8.8.8.8 | 192.168.2.5 | 0xdf93 | No error (0) | sunucu.troyagame.com | | 159.253.33.92 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                            • sunucu.troyagame.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49703 | 159.253.33.92 | 80 | C:\Users\user\Desktop\KuponcuBaba.exe
Timestamp | kBytes transferred | Direction | Data
Jan 5, 2023 08:55:27.453983068 CET | 0 | OUT | GET / HTTP/1.1
Host: sunucu.troyagame.com
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Jan 5, 2023 08:55:27.513875961 CET | 1 | IN | HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 05 Jan 2023 07:55:27 GMT
location: https://sunucu.troyagame.com/
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>



                                                                                                                                                                            Target ID:1
                                                                                                                                                                            Start time:08:55:02
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            Imagebase:0x7ff6f8450000
                                                                                                                                                                            File size:9945512 bytes
                                                                                                                                                                            MD5 hash:D6C3BF64CC7CB131D467246CE5A4C455
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:08:55:02
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7fcd70000
                                                                                                                                                                            File size:625664 bytes
                                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Target ID:7
                                                                                                                                                                            Start time:08:55:08
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                            Imagebase:0x7ff6f8450000
                                                                                                                                                                            File size:9945512 bytes
                                                                                                                                                                            MD5 hash:D6C3BF64CC7CB131D467246CE5A4C455
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low

                                                                                                                                                                            Target ID:8
                                                                                                                                                                            Start time:08:55:09
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                            Imagebase:0x7ff627730000
                                                                                                                                                                            File size:273920 bytes
                                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Target ID:9
                                                                                                                                                                            Start time:08:55:25
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c @echo off
                                                                                                                                                                            Imagebase:0x7ff627730000
                                                                                                                                                                            File size:273920 bytes
                                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Target ID:10
                                                                                                                                                                            Start time:08:55:26
                                                                                                                                                                            Start date:05/01/2023
                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c cls
                                                                                                                                                                            Imagebase:0x7ff627730000
                                                                                                                                                                            File size:273920 bytes
                                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high


                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:11.8%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:14.2%
                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                              Total number of Limit Nodes:36
15194 7ff6f845a95c 7 API calls 15193->15194 15204 7ff6f845a165 15193->15204 15196 7ff6f845a175 15194->15196 15195 7ff6f845a0f4 _RTC_Initialize 15195->15193 15228 7ff6f845a828 15195->15228 15196->15029 15198 7ff6f845a109 15231 7ff6f8468314 15198->15231 15204->15029 15206 7ff6f8463fba 15205->15206 15207 7ff6f846e248 _get_daylight 11 API calls 15206->15207 15208 7ff6f8463fd9 15207->15208 15209 7ff6f846a2b8 __free_lconv_num 11 API calls 15208->15209 15210 7ff6f8463fe7 15209->15210 15211 7ff6f846e248 _get_daylight 11 API calls 15210->15211 15214 7ff6f8464011 15210->15214 15213 7ff6f8464003 15211->15213 15215 7ff6f846a2b8 __free_lconv_num 11 API calls 15213->15215 15216 7ff6f846401a 15214->15216 15405 7ff6f846e628 15214->15405 15215->15214 15216->15029 15218 7ff6f84655bd 15217->15218 15219 7ff6f84655c5 15218->15219 15257 7ff6f8465e08 15218->15257 15219->15191 15224 7ff6f845a689 15223->15224 15227 7ff6f845a68e __scrt_acquire_startup_lock 15223->15227 15225 7ff6f845a95c 7 API calls 15224->15225 15224->15227 15226 7ff6f845a702 15225->15226 15227->15195 15384 7ff6f845a7ec 15228->15384 15230 7ff6f845a831 15230->15198 15232 7ff6f8468334 15231->15232 15233 7ff6f845a115 15231->15233 15234 7ff6f846833c 15232->15234 15235 7ff6f8468352 GetModuleFileNameW 15232->15235 15233->15193 15256 7ff6f845a8fc InitializeSListHead 15233->15256 15236 7ff6f8465e08 _get_daylight 11 API calls 15234->15236 15239 7ff6f846837d 15235->15239 15237 7ff6f8468341 15236->15237 15238 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 15237->15238 15238->15233 15399 7ff6f84682b4 15239->15399 15242 7ff6f84683c5 15243 7ff6f8465e08 _get_daylight 11 API calls 15242->15243 15244 7ff6f84683ca 15243->15244 15245 7ff6f846a2b8 __free_lconv_num 11 API calls 15244->15245 15248 7ff6f84683d8 15245->15248 15246 7ff6f84683dd 15247 7ff6f84683ff 15246->15247 15250 7ff6f846842b 15246->15250 15251 7ff6f8468444 15246->15251 15249 7ff6f846a2b8 __free_lconv_num 11 API calls 15247->15249 15248->15233 15249->15233 15252 
7ff6f846a2b8 __free_lconv_num 11 API calls 15250->15252 15254 7ff6f846a2b8 __free_lconv_num 11 API calls 15251->15254 15253 7ff6f8468434 15252->15253 15255 7ff6f846a2b8 __free_lconv_num 11 API calls 15253->15255 15254->15247 15255->15248 15262 7ff6f846ac28 GetLastError 15257->15262 15259 7ff6f84655d4 15260 7ff6f846a250 15259->15260 15320 7ff6f846a0e4 15260->15320 15263 7ff6f846ac69 FlsSetValue 15262->15263 15269 7ff6f846ac4c 15262->15269 15264 7ff6f846ac7b 15263->15264 15268 7ff6f846ac59 SetLastError 15263->15268 15279 7ff6f846e248 15264->15279 15268->15259 15269->15263 15269->15268 15270 7ff6f846aca8 FlsSetValue 15273 7ff6f846acc6 15270->15273 15274 7ff6f846acb4 FlsSetValue 15270->15274 15271 7ff6f846ac98 FlsSetValue 15272 7ff6f846aca1 15271->15272 15286 7ff6f846a2b8 15272->15286 15292 7ff6f846a860 15273->15292 15274->15272 15280 7ff6f846e259 _get_daylight 15279->15280 15281 7ff6f846e2aa 15280->15281 15282 7ff6f846e28e RtlAllocateHeap 15280->15282 15297 7ff6f8472a40 15280->15297 15283 7ff6f8465e08 _get_daylight 10 API calls 15281->15283 15282->15280 15284 7ff6f846ac8a 15282->15284 15283->15284 15284->15270 15284->15271 15287 7ff6f846a2bd RtlReleasePrivilege 15286->15287 15288 7ff6f846a2ec 15286->15288 15287->15288 15289 7ff6f846a2d8 GetLastError 15287->15289 15288->15268 15290 7ff6f846a2e5 __free_lconv_num 15289->15290 15291 7ff6f8465e08 _get_daylight 9 API calls 15290->15291 15291->15288 15306 7ff6f846a738 15292->15306 15300 7ff6f8472a7c 15297->15300 15305 7ff6f846fb48 EnterCriticalSection 15300->15305 15318 7ff6f846fb48 EnterCriticalSection 15306->15318 15321 7ff6f846a10f 15320->15321 15324 7ff6f846a180 15321->15324 15323 7ff6f846a136 15332 7ff6f8469ec8 15324->15332 15328 7ff6f846a1bb 15328->15323 15333 7ff6f8469ee4 GetLastError 15332->15333 15334 7ff6f8469f1f 15332->15334 15335 7ff6f8469ef4 15333->15335 15334->15328 15338 7ff6f8469f34 15334->15338 15345 7ff6f846acf0 15335->15345 15339 7ff6f8469f68 15338->15339 15340 7ff6f8469f50 GetLastError SetLastError 
15338->15340 15339->15328 15341 7ff6f846a270 IsProcessorFeaturePresent 15339->15341 15340->15339 15342 7ff6f846a283 15341->15342 15362 7ff6f8469f80 15342->15362 15346 7ff6f846ad2a FlsSetValue 15345->15346 15347 7ff6f846ad0f FlsGetValue 15345->15347 15349 7ff6f8469f0f SetLastError 15346->15349 15350 7ff6f846ad37 15346->15350 15348 7ff6f846ad24 15347->15348 15347->15349 15348->15346 15349->15334 15351 7ff6f846e248 _get_daylight 11 API calls 15350->15351 15352 7ff6f846ad46 15351->15352 15353 7ff6f846ad64 FlsSetValue 15352->15353 15354 7ff6f846ad54 FlsSetValue 15352->15354 15356 7ff6f846ad82 15353->15356 15357 7ff6f846ad70 FlsSetValue 15353->15357 15355 7ff6f846ad5d 15354->15355 15358 7ff6f846a2b8 __free_lconv_num 11 API calls 15355->15358 15359 7ff6f846a860 _get_daylight 11 API calls 15356->15359 15357->15355 15358->15349 15360 7ff6f846ad8a 15359->15360 15361 7ff6f846a2b8 __free_lconv_num 11 API calls 15360->15361 15361->15349 15363 7ff6f8469fba _wfindfirst32i64 memcpy_s 15362->15363 15364 7ff6f8469fe2 RtlCaptureContext RtlLookupFunctionEntry 15363->15364 15365 7ff6f846a01c RtlVirtualUnwind 15364->15365 15366 7ff6f846a052 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15364->15366 15365->15366 15367 7ff6f846a0a4 _wfindfirst32i64 15366->15367 15370 7ff6f845a040 15367->15370 15371 7ff6f845a049 15370->15371 15372 7ff6f845a054 GetCurrentProcess TerminateProcess 15371->15372 15373 7ff6f845a380 IsProcessorFeaturePresent 15371->15373 15374 7ff6f845a398 15373->15374 15379 7ff6f845a574 RtlCaptureContext 15374->15379 15380 7ff6f845a58e RtlLookupFunctionEntry 15379->15380 15381 7ff6f845a3ab 15380->15381 15382 7ff6f845a5a4 RtlVirtualUnwind 15380->15382 15383 7ff6f845a344 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15381->15383 15382->15380 15382->15381 15385 7ff6f845a806 15384->15385 15387 7ff6f845a7ff 15384->15387 15388 7ff6f846939c 15385->15388 15387->15230 15391 7ff6f8468fd8 15388->15391 15398 7ff6f846fb48 
EnterCriticalSection 15391->15398 15400 7ff6f84682cc 15399->15400 15404 7ff6f8468304 15399->15404 15401 7ff6f846e248 _get_daylight 11 API calls 15400->15401 15400->15404 15402 7ff6f84682fa 15401->15402 15403 7ff6f846a2b8 __free_lconv_num 11 API calls 15402->15403 15403->15404 15404->15242 15404->15246 15410 7ff6f846e2c0 15405->15410 15408 7ff6f846e67d InitializeCriticalSectionAndSpinCount 15409 7ff6f846e663 15408->15409 15409->15214 15411 7ff6f846e321 15410->15411 15412 7ff6f846e31c __vcrt_InitializeCriticalSectionEx 15410->15412 15411->15408 15411->15409 15412->15411 15413 7ff6f846e350 LoadLibraryExW 15412->15413 15414 7ff6f846e445 GetProcAddress 15412->15414 15418 7ff6f846e3af LoadLibraryExW 15412->15418 15415 7ff6f846e425 15413->15415 15416 7ff6f846e375 GetLastError 15413->15416 15414->15411 15415->15414 15417 7ff6f846e43c FreeLibrary 15415->15417 15416->15412 15417->15414 15418->15412 15418->15415 15427 7ff6f845ab04 SetUnhandledExceptionFilter 15419->15427 15429 7ff6f8468525 15428->15429 15440 7ff6f8468521 15428->15440 15449 7ff6f8471f2c GetEnvironmentStringsW 15429->15449 15432 7ff6f8468532 15434 7ff6f846a2b8 __free_lconv_num 11 API calls 15432->15434 15433 7ff6f846853e 15456 7ff6f846868c 15433->15456 15434->15440 15437 7ff6f846a2b8 __free_lconv_num 11 API calls 15438 7ff6f8468565 15437->15438 15439 7ff6f846a2b8 __free_lconv_num 11 API calls 15438->15439 15439->15440 15440->15041 15441 7ff6f84688cc 15440->15441 15442 7ff6f84688ef 15441->15442 15445 7ff6f8468906 15441->15445 15442->15041 15443 7ff6f846ec04 MultiByteToWideChar _fread_nolock 15443->15445 15444 7ff6f846e248 _get_daylight 11 API calls 15444->15445 15445->15442 15445->15443 15445->15444 15446 7ff6f846897a 15445->15446 15448 7ff6f846a2b8 __free_lconv_num 11 API calls 15445->15448 15447 7ff6f846a2b8 __free_lconv_num 11 API calls 15446->15447 15447->15442 15448->15445 15450 7ff6f846852a 15449->15450 15451 7ff6f8471f50 15449->15451 15450->15432 15450->15433 15475 7ff6f846cfa0 15451->15475 15453 
7ff6f846a2b8 __free_lconv_num 11 API calls 15454 7ff6f8471fa7 FreeEnvironmentStringsW 15453->15454 15454->15450 15455 7ff6f8471f87 memcpy_s 15455->15453 15457 7ff6f84686b4 15456->15457 15458 7ff6f846e248 _get_daylight 11 API calls 15457->15458 15471 7ff6f84686ef 15458->15471 15459 7ff6f84686f7 15460 7ff6f846a2b8 __free_lconv_num 11 API calls 15459->15460 15461 7ff6f8468546 15460->15461 15461->15437 15462 7ff6f8468771 15463 7ff6f846a2b8 __free_lconv_num 11 API calls 15462->15463 15463->15461 15464 7ff6f846e248 _get_daylight 11 API calls 15464->15471 15465 7ff6f8468760 15491 7ff6f84687a8 15465->15491 15469 7ff6f846a2b8 __free_lconv_num 11 API calls 15469->15459 15470 7ff6f8468794 15472 7ff6f846a270 _wfindfirst32i64 17 API calls 15470->15472 15471->15459 15471->15462 15471->15464 15471->15465 15471->15470 15473 7ff6f846a2b8 __free_lconv_num 11 API calls 15471->15473 15482 7ff6f846fce4 15471->15482 15474 7ff6f84687a6 15472->15474 15473->15471 15476 7ff6f846cfeb 15475->15476 15480 7ff6f846cfaf _get_daylight 15475->15480 15477 7ff6f8465e08 _get_daylight 11 API calls 15476->15477 15479 7ff6f846cfe9 15477->15479 15478 7ff6f846cfd2 RtlAllocateHeap 15478->15479 15478->15480 15479->15455 15480->15476 15480->15478 15481 7ff6f8472a40 _get_daylight 2 API calls 15480->15481 15481->15480 15483 7ff6f846fcf1 15482->15483 15484 7ff6f846fcfb 15482->15484 15483->15484 15489 7ff6f846fd17 15483->15489 15485 7ff6f8465e08 _get_daylight 11 API calls 15484->15485 15486 7ff6f846fd03 15485->15486 15488 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 15486->15488 15487 7ff6f846fd0f 15487->15471 15488->15487 15489->15487 15490 7ff6f8465e08 _get_daylight 11 API calls 15489->15490 15490->15486 15493 7ff6f84687ad 15491->15493 15496 7ff6f8468768 15491->15496 15492 7ff6f84687d6 15495 7ff6f846a2b8 __free_lconv_num 11 API calls 15492->15495 15493->15492 15494 7ff6f846a2b8 __free_lconv_num 11 API calls 15493->15494 15494->15493 15495->15496 15496->15469 15499 7ff6f845673f 15497->15499 15498 
7ff6f8456790 WideCharToMultiByte 15498->15499 15502 7ff6f8456838 15498->15502 15499->15498 15501 7ff6f84567e6 WideCharToMultiByte 15499->15501 15499->15502 15503 7ff6f8456747 __std_exception_destroy 15499->15503 15501->15499 15501->15502 15819 7ff6f8451cb0 15502->15819 15503->15046 15505 7ff6f846f01c 15504->15505 15506 7ff6f846f06f 15505->15506 15508 7ff6f846f0c5 15505->15508 15507 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15506->15507 15510 7ff6f846f098 15507->15510 16167 7ff6f846eef4 15508->16167 15510->15048 15512 7ff6f8451b05 15511->15512 15513 7ff6f8451b20 15512->15513 16175 7ff6f8451c10 15512->16175 15513->15083 15515 7ff6f8452cb0 15513->15515 16198 7ff6f845a070 15515->16198 15518 7ff6f8452ceb 15521 7ff6f8451cb0 86 API calls 15518->15521 15519 7ff6f8452d02 16200 7ff6f8456e20 15519->16200 15525 7ff6f8452cfe 15521->15525 15523 7ff6f8451c50 86 API calls 15523->15525 15524 7ff6f845a040 _wfindfirst32i64 8 API calls 15526 7ff6f8452d3f 15524->15526 15525->15524 15526->15054 15528 7ff6f8451b30 49 API calls 15527->15528 15529 7ff6f8452c4d 15528->15529 15529->15056 15531 7ff6f8455aba 15530->15531 15532 7ff6f8456d10 88 API calls 15531->15532 15533 7ff6f8455adc GetEnvironmentVariableW 15532->15533 15534 7ff6f8455b46 15533->15534 15535 7ff6f8455af4 ExpandEnvironmentStringsW 15533->15535 15536 7ff6f845a040 _wfindfirst32i64 8 API calls 15534->15536 15537 7ff6f8456e20 88 API calls 15535->15537 15538 7ff6f8455b58 15536->15538 15539 7ff6f8455b1c 15537->15539 15538->15058 15539->15534 15540 7ff6f8455b26 15539->15540 16211 7ff6f84695bc 15540->16211 15543 7ff6f845a040 _wfindfirst32i64 8 API calls 15544 7ff6f8455b3e 15543->15544 15544->15058 15546 7ff6f8456d10 88 API calls 15545->15546 15547 7ff6f8456067 SetEnvironmentVariableW 15546->15547 15548 7ff6f845607f __std_exception_destroy 15547->15548 15548->15062 15550 7ff6f8451b30 49 API calls 15549->15550 15551 7ff6f8451a00 15550->15551 15552 7ff6f8451b30 49 API calls 15551->15552 15559 7ff6f8451a7a 15551->15559 15553 
7ff6f8451a22 15552->15553 15554 7ff6f8452c30 49 API calls 15553->15554 15553->15559 15555 7ff6f8451a3b 15554->15555 16218 7ff6f84517b0 15555->16218 15558 7ff6f845e528 74 API calls 15558->15559 15559->15065 15559->15067 15561 7ff6f8456db7 MultiByteToWideChar 15560->15561 15562 7ff6f8456d31 MultiByteToWideChar 15560->15562 15563 7ff6f8456dda 15561->15563 15564 7ff6f8456dff 15561->15564 15565 7ff6f8456d7c 15562->15565 15566 7ff6f8456d57 15562->15566 15567 7ff6f8451cb0 86 API calls 15563->15567 15564->15075 15565->15561 15571 7ff6f8456d92 15565->15571 15568 7ff6f8451cb0 86 API calls 15566->15568 15569 7ff6f8456ded 15567->15569 15570 7ff6f8456d6a 15568->15570 15569->15075 15570->15075 15572 7ff6f8451cb0 86 API calls 15571->15572 15573 7ff6f8456da5 15572->15573 15573->15075 15575 7ff6f8454f95 15574->15575 15576 7ff6f8451c10 86 API calls 15575->15576 15577 7ff6f84529c0 15575->15577 15576->15577 15577->15086 15659 7ff6f8454c20 15577->15659 15580 7ff6f84523c4 15578->15580 15587 7ff6f8452383 15578->15587 15579 7ff6f8452403 15582 7ff6f845a040 _wfindfirst32i64 8 API calls 15579->15582 15580->15579 15581 7ff6f8451ab0 74 API calls 15580->15581 15581->15580 15583 7ff6f8452415 15582->15583 15583->15083 15588 7ff6f8455fe0 15583->15588 15587->15580 16291 7ff6f8451440 15587->16291 16325 7ff6f8451dc0 15587->16325 16379 7ff6f8451780 15587->16379 15589 7ff6f8456d10 88 API calls 15588->15589 15590 7ff6f8455fff 15589->15590 15591 7ff6f8456d10 88 API calls 15590->15591 15592 7ff6f845600f 15591->15592 15593 7ff6f8466598 38 API calls 15592->15593 15594 7ff6f845601d __std_exception_destroy 15593->15594 15594->15107 15596 7ff6f84560a0 15595->15596 15597 7ff6f8456d10 88 API calls 15596->15597 15598 7ff6f84560d1 15597->15598 17214 7ff6f8467248 15598->17214 15601 7ff6f8467248 14 API calls 15602 7ff6f84560ea 15601->15602 15627 7ff6f8451c6e 15626->15627 15628 7ff6f8451b90 78 API calls 15627->15628 15629 7ff6f8451c8c 15628->15629 15630 7ff6f8451d00 86 API calls 15629->15630 15631 7ff6f8451c9b 
15630->15631 15631->15083 15633 7ff6f8452dcc 15632->15633 15634 7ff6f8456d10 88 API calls 15633->15634 15635 7ff6f8452df7 15634->15635 15636 7ff6f8456d10 88 API calls 15635->15636 15637 7ff6f8452e0a 15636->15637 17250 7ff6f84652d8 15637->17250 15640 7ff6f845a040 _wfindfirst32i64 8 API calls 15641 7ff6f84528ea 15640->15641 15641->15087 15642 7ff6f84562c0 15641->15642 15643 7ff6f84562e4 15642->15643 15644 7ff6f845eb90 73 API calls 15643->15644 15649 7ff6f84563bb __std_exception_destroy 15643->15649 15645 7ff6f84562fe 15644->15645 15645->15649 17629 7ff6f8467de4 15645->17629 15647 7ff6f845eb90 73 API calls 15650 7ff6f8456313 15647->15650 15648 7ff6f845e878 _fread_nolock 53 API calls 15648->15650 15649->15090 15650->15647 15650->15648 15650->15649 15652 7ff6f845e558 15651->15652 17644 7ff6f845e308 15652->17644 15654 7ff6f845e571 15654->15087 15656 7ff6f8452497 15655->15656 15657 7ff6f84524c0 15655->15657 15656->15657 15658 7ff6f8451780 86 API calls 15656->15658 15657->15068 15658->15656 15663 7ff6f8454c44 15659->15663 15664 7ff6f8454c71 15659->15664 15660 7ff6f8454c6c 17655 7ff6f84512b0 15660->17655 15661 7ff6f8451780 86 API calls 15661->15663 15663->15660 15663->15661 15663->15664 15668 7ff6f8454c67 memcpy_s __std_exception_destroy 15663->15668 15664->15668 17681 7ff6f8452e40 15664->17681 15666 7ff6f8454cd7 15667 7ff6f8451c50 86 API calls 15666->15667 15666->15668 15667->15668 15668->15092 15670 7ff6f845479a memcpy_s 15669->15670 15671 7ff6f84548bf 15670->15671 15673 7ff6f84548db 15670->15673 15677 7ff6f8452e40 49 API calls 15670->15677 15678 7ff6f84548a0 15670->15678 15686 7ff6f8451440 158 API calls 15670->15686 15687 7ff6f84548c1 15670->15687 17684 7ff6f8451650 15670->17684 15674 7ff6f8452e40 49 API calls 15671->15674 15675 7ff6f8451c50 86 API calls 15673->15675 15676 7ff6f8454938 15674->15676 15680 7ff6f84548d1 __std_exception_destroy 15675->15680 15679 7ff6f8452e40 49 API calls 15676->15679 15677->15670 15678->15671 15681 7ff6f8452e40 49 API calls 15678->15681 
15682 7ff6f8454968 15679->15682 15683 7ff6f845a040 _wfindfirst32i64 8 API calls 15680->15683 15681->15671 15685 7ff6f8452e40 49 API calls 15682->15685 15684 7ff6f84529e9 15683->15684 15684->15100 15684->15101 15685->15680 15686->15670 15688 7ff6f8451c50 86 API calls 15687->15688 15688->15680 17689 7ff6f8456270 15689->17689 15691 7ff6f8454722 15692 7ff6f8456270 89 API calls 15691->15692 15693 7ff6f8454735 15692->15693 15694 7ff6f845475a 15693->15694 15695 7ff6f845474d GetProcAddress 15693->15695 15696 7ff6f8451c50 86 API calls 15694->15696 15699 7ff6f84550dc GetProcAddress 15695->15699 15700 7ff6f84550b9 15695->15700 15698 7ff6f8454766 15696->15698 15698->15109 15699->15700 15701 7ff6f8455101 GetProcAddress 15699->15701 15703 7ff6f8451cb0 86 API calls 15700->15703 15701->15700 15702 7ff6f8455126 GetProcAddress 15701->15702 15702->15700 15704 7ff6f845514e GetProcAddress 15702->15704 15705 7ff6f84550cc 15703->15705 15704->15700 15706 7ff6f8455176 GetProcAddress 15704->15706 15705->15109 15706->15700 15707 7ff6f845519e GetProcAddress 15706->15707 15758 7ff6f8454df4 15757->15758 15764 7ff6f84549fd 15763->15764 15768 7ff6f84549e2 15763->15768 15764->15086 15765 7ff6f8454ac0 15765->15764 17694 7ff6f8456250 FreeLibrary 15765->17694 15768->15764 15768->15765 17693 7ff6f8456250 FreeLibrary 15768->17693 15770 7ff6f8451b55 15769->15770 15771 7ff6f8463a20 49 API calls 15770->15771 15772 7ff6f8451b78 15771->15772 15772->15108 17695 7ff6f8453aa0 15773->17695 15776 7ff6f84522fd 15776->15114 15778 7ff6f84522d4 15778->15776 17751 7ff6f8453820 15778->17751 15826 7ff6f8451d00 15819->15826 15827 7ff6f8451d10 15826->15827 15851 7ff6f8463a20 15827->15851 15831 7ff6f8451d70 15884 7ff6f8451b90 15831->15884 15834 7ff6f845a040 _wfindfirst32i64 8 API calls 15835 7ff6f8451cd7 GetLastError 15834->15835 15836 7ff6f84565d0 15835->15836 15837 7ff6f84565dc 15836->15837 15838 7ff6f84565fd FormatMessageW 15837->15838 15839 7ff6f84565f7 GetLastError 15837->15839 15840 7ff6f845664c WideCharToMultiByte 
15838->15840 15841 7ff6f8456630 15838->15841 15839->15838 15842 7ff6f8456686 15840->15842 15843 7ff6f8456643 15840->15843 15844 7ff6f8451cb0 83 API calls 15841->15844 15845 7ff6f8451cb0 83 API calls 15842->15845 15846 7ff6f845a040 _wfindfirst32i64 8 API calls 15843->15846 15844->15843 15845->15843 15847 7ff6f8451ce4 15846->15847 15848 7ff6f8451be0 15847->15848 15849 7ff6f8451d00 86 API calls 15848->15849 15850 7ff6f8451c02 15849->15850 15850->15503 15855 7ff6f8463a7a 15851->15855 15852 7ff6f8463a9f 15853 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15852->15853 15857 7ff6f8463ac9 15853->15857 15854 7ff6f8463adb 15888 7ff6f84614e8 15854->15888 15855->15852 15855->15854 15859 7ff6f845a040 _wfindfirst32i64 8 API calls 15857->15859 15858 7ff6f8463bb8 15860 7ff6f846a2b8 __free_lconv_num 11 API calls 15858->15860 15862 7ff6f8451d58 15859->15862 15860->15857 15869 7ff6f8456b50 MultiByteToWideChar 15862->15869 15863 7ff6f8463b8d 15866 7ff6f846a2b8 __free_lconv_num 11 API calls 15863->15866 15864 7ff6f8463bdc 15864->15858 15865 7ff6f8463be6 15864->15865 15868 7ff6f846a2b8 __free_lconv_num 11 API calls 15865->15868 15866->15857 15867 7ff6f8463b84 15867->15858 15867->15863 15868->15857 15870 7ff6f8456b99 15869->15870 15871 7ff6f8456bb3 15869->15871 15872 7ff6f8451cb0 82 API calls 15870->15872 15873 7ff6f8456bc9 15871->15873 15874 7ff6f8456be3 MultiByteToWideChar 15871->15874 15883 7ff6f8456bac __std_exception_destroy 15872->15883 15875 7ff6f8451cb0 82 API calls 15873->15875 15876 7ff6f8456c06 15874->15876 15877 7ff6f8456c20 WideCharToMultiByte 15874->15877 15875->15883 15878 7ff6f8451cb0 82 API calls 15876->15878 15879 7ff6f8456c56 15877->15879 15881 7ff6f8456c4d 15877->15881 15878->15883 15880 7ff6f8456c7b WideCharToMultiByte 15879->15880 15879->15881 15880->15881 15880->15883 15882 7ff6f8451cb0 82 API calls 15881->15882 15882->15883 15883->15831 15885 7ff6f8451bb6 15884->15885 16152 7ff6f84638fc 15885->16152 15887 7ff6f8451bcc 15887->15834 15889 7ff6f846151f 
15888->15889 15890 7ff6f846150f 15888->15890 15891 7ff6f8461525 15889->15891 15899 7ff6f8461555 15889->15899 15892 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15890->15892 15893 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15891->15893 15894 7ff6f846154d 15892->15894 15893->15894 15894->15858 15894->15863 15894->15864 15894->15867 15897 7ff6f846180e 15898 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15897->15898 15898->15890 15899->15890 15899->15894 15899->15897 15902 7ff6f8462418 15899->15902 15927 7ff6f8461cb4 15899->15927 15956 7ff6f846103c 15899->15956 15959 7ff6f84635d0 15899->15959 15903 7ff6f84624bb 15902->15903 15904 7ff6f846245e 15902->15904 15907 7ff6f846252b 15903->15907 15908 7ff6f84624bf 15903->15908 15905 7ff6f8462464 15904->15905 15906 7ff6f846251e 15904->15906 15905->15907 15919 7ff6f846248a 15905->15919 15921 7ff6f84624b1 15905->15921 15923 7ff6f8462496 15905->15923 15925 7ff6f8462534 15905->15925 15926 7ff6f84624a5 15905->15926 15987 7ff6f845ffd8 15906->15987 15994 7ff6f8462d34 15907->15994 15908->15906 15910 7ff6f8462517 15908->15910 15911 7ff6f84624c7 15908->15911 15983 7ff6f8463368 15910->15983 15915 7ff6f84624f7 15911->15915 15916 7ff6f84624cb 15911->15916 15976 7ff6f845fc04 15915->15976 15916->15906 15916->15921 15916->15926 15918 7ff6f845a040 _wfindfirst32i64 8 API calls 15920 7ff6f84627c6 15918->15920 15919->15907 15919->15923 15919->15926 15920->15899 15921->15925 15969 7ff6f84603ac 15921->15969 15923->15925 15965 7ff6f84631e0 15923->15965 15925->15918 15926->15925 16004 7ff6f846def0 15926->16004 15928 7ff6f8461cd5 15927->15928 15929 7ff6f8461cbf 15927->15929 15932 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15928->15932 15937 7ff6f8461d13 15928->15937 15930 7ff6f84624bb 15929->15930 15931 7ff6f846245e 15929->15931 15929->15937 15934 7ff6f846252b 15930->15934 15935 7ff6f84624bf 15930->15935 15933 7ff6f846251e 15931->15933 15946 7ff6f8462464 15931->15946 15932->15937 15941 7ff6f845ffd8 38 API calls 
15933->15941 15936 7ff6f8462d34 47 API calls 15934->15936 15935->15933 15939 7ff6f8462517 15935->15939 15940 7ff6f84624c7 15935->15940 15953 7ff6f84624a5 15936->15953 15937->15899 15938 7ff6f8462496 15945 7ff6f84631e0 47 API calls 15938->15945 15955 7ff6f8462534 15938->15955 15942 7ff6f8463368 37 API calls 15939->15942 15943 7ff6f84624cb 15940->15943 15944 7ff6f84624f7 15940->15944 15941->15953 15942->15953 15943->15933 15952 7ff6f84624b1 15943->15952 15943->15953 15948 7ff6f845fc04 38 API calls 15944->15948 15945->15953 15946->15934 15946->15938 15950 7ff6f846248a 15946->15950 15946->15952 15946->15953 15946->15955 15947 7ff6f845a040 _wfindfirst32i64 8 API calls 15949 7ff6f84627c6 15947->15949 15948->15953 15949->15899 15950->15934 15950->15938 15950->15953 15951 7ff6f84603ac 38 API calls 15951->15953 15952->15951 15952->15955 15954 7ff6f846def0 47 API calls 15953->15954 15953->15955 15954->15953 15955->15947 16089 7ff6f845f1fc 15956->16089 15960 7ff6f84635e7 15959->15960 16106 7ff6f846d034 15960->16106 15966 7ff6f8463253 15965->15966 15967 7ff6f84631f4 15965->15967 15966->15926 15967->15966 15968 7ff6f846def0 47 API calls 15967->15968 15968->15966 15970 7ff6f84603d2 15969->15970 15971 7ff6f84603fc 15970->15971 15973 7ff6f84604b3 15970->15973 15975 7ff6f8460438 15971->15975 16014 7ff6f845f068 15971->16014 15974 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15973->15974 15974->15975 15975->15926 15977 7ff6f845fc2a 15976->15977 15978 7ff6f845fc54 15977->15978 15980 7ff6f845fd0b 15977->15980 15979 7ff6f845f068 12 API calls 15978->15979 15982 7ff6f845fc90 15978->15982 15979->15982 15981 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15980->15981 15981->15982 15982->15926 15985 7ff6f8463387 15983->15985 15984 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15986 7ff6f84633b8 15984->15986 15985->15984 15985->15986 15986->15926 15988 7ff6f845fffe 15987->15988 15989 7ff6f8460028 15988->15989 15991 7ff6f84600df 15988->15991 15990 7ff6f845f068 12 API calls 
15989->15990 15993 7ff6f8460064 15989->15993 15990->15993 15992 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 15991->15992 15992->15993 15993->15926 15995 7ff6f8462d56 15994->15995 15996 7ff6f845f068 12 API calls 15995->15996 15997 7ff6f8462da0 15996->15997 16022 7ff6f846dc08 15997->16022 16000 7ff6f84635d0 45 API calls 16001 7ff6f8462e8c 16000->16001 16002 7ff6f84635d0 45 API calls 16001->16002 16003 7ff6f8462f15 16001->16003 16002->16003 16003->15926 16006 7ff6f846df18 16004->16006 16005 7ff6f846df46 memcpy_s 16007 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 16005->16007 16012 7ff6f846df1d memcpy_s 16005->16012 16006->16005 16008 7ff6f84635d0 45 API calls 16006->16008 16009 7ff6f846df5d 16006->16009 16006->16012 16007->16012 16008->16009 16009->16005 16009->16012 16086 7ff6f846f4a4 16009->16086 16012->15926 16015 7ff6f845f08e 16014->16015 16016 7ff6f845f09f 16014->16016 16015->15975 16016->16015 16017 7ff6f846cfa0 _fread_nolock 12 API calls 16016->16017 16018 7ff6f845f0cc 16017->16018 16019 7ff6f845f0e0 16018->16019 16020 7ff6f846a2b8 __free_lconv_num 11 API calls 16018->16020 16021 7ff6f846a2b8 __free_lconv_num 11 API calls 16019->16021 16020->16019 16021->16015 16023 7ff6f846dc58 16022->16023 16024 7ff6f846dc25 16022->16024 16023->16024 16026 7ff6f846dc8a 16023->16026 16025 7ff6f846a180 _invalid_parameter_noinfo 37 API calls 16024->16025 16035 7ff6f8462e6a 16025->16035 16034 7ff6f846dd9d 16026->16034 16038 7ff6f846dcd2 16026->16038 16027 7ff6f846de8f 16077 7ff6f846d0d8 16027->16077 16029 7ff6f846de55 16070 7ff6f846d48c 16029->16070 16031 7ff6f846de24 16063 7ff6f846d76c 16031->16063 16033 7ff6f846dde7 16053 7ff6f846d99c 16033->16053 16034->16027 16034->16029 16034->16031 16034->16033 16036 7ff6f846dddd 16034->16036 16035->16000 16035->16001 16036->16029 16039 7ff6f846dde2 16036->16039 16038->16035 16038->16038 16044 7ff6f846965c 16038->16044 16039->16031 16039->16033 16042 7ff6f846a270 _wfindfirst32i64 17 API calls 16043 7ff6f846deec 16042->16043 
11 API calls 18255->18260 18261 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18256->18261 18262 7ff6f847561e 18257->18262 18266 7ff6f8464824 45 API calls 18258->18266 18277 7ff6f8475679 18258->18277 18264 7ff6f84764d2 18259->18264 18265 7ff6f84764c0 18259->18265 18263 7ff6f84764a4 18260->18263 18261->18277 18262->18093 18269 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18263->18269 18267 7ff6f84764fa 18264->18267 18268 7ff6f84764e3 18264->18268 18270 7ff6f8465e08 _get_daylight 11 API calls 18265->18270 18266->18277 18575 7ff6f8478308 18267->18575 18566 7ff6f847564c 18268->18566 18269->18273 18274 7ff6f84764c5 18270->18274 18273->18093 18276 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18274->18276 18276->18273 18277->18093 18278 7ff6f8465e08 _get_daylight 11 API calls 18278->18273 18280 7ff6f84728b2 18279->18280 18281 7ff6f84728cf 18279->18281 18280->18281 18282 7ff6f84728c0 18280->18282 18283 7ff6f84728d9 18281->18283 18615 7ff6f8476f48 18281->18615 18284 7ff6f8465e08 _get_daylight 11 API calls 18282->18284 18622 7ff6f846fd4c 18283->18622 18287 7ff6f84728c5 memcpy_s 18284->18287 18287->18118 18289 7ff6f8464824 45 API calls 18288->18289 18290 7ff6f84765c6 18289->18290 18291 7ff6f846e4d8 5 API calls 18290->18291 18292 7ff6f84765d4 18290->18292 18291->18292 18293 7ff6f846430c 14 API calls 18292->18293 18294 7ff6f8476630 18293->18294 18295 7ff6f84766c0 18294->18295 18296 7ff6f8464824 45 API calls 18294->18296 18298 7ff6f84766d1 18295->18298 18299 7ff6f846a2b8 __free_lconv_num 11 API calls 18295->18299 18297 7ff6f8476643 18296->18297 18301 7ff6f846e4d8 5 API calls 18297->18301 18305 7ff6f847664c 18297->18305 18300 7ff6f84700a3 18298->18300 18302 7ff6f846a2b8 __free_lconv_num 11 API calls 18298->18302 18299->18298 18300->18136 18300->18137 18301->18305 18302->18300 18303 7ff6f846430c 14 API calls 18304 7ff6f84766a7 18303->18304 18304->18295 18306 7ff6f84766af SetEnvironmentVariableW 18304->18306 18305->18303 18306->18295 18308 7ff6f8468a0c 
18307->18308 18309 7ff6f8468a15 18307->18309 18308->18309 18310 7ff6f846850c 40 API calls 18308->18310 18309->18168 18309->18169 18311 7ff6f8468a1e 18310->18311 18311->18309 18312 7ff6f84688cc 12 API calls 18311->18312 18312->18309 18314 7ff6f8476315 18313->18314 18318 7ff6f8476342 18313->18318 18315 7ff6f847631a 18314->18315 18314->18318 18316 7ff6f8465e08 _get_daylight 11 API calls 18315->18316 18319 7ff6f847631f 18316->18319 18317 7ff6f8476386 18320 7ff6f8465e08 _get_daylight 11 API calls 18317->18320 18318->18317 18321 7ff6f84763a5 18318->18321 18333 7ff6f847637a __crtLCMapStringW 18318->18333 18322 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18319->18322 18323 7ff6f847638b 18320->18323 18324 7ff6f84763c1 18321->18324 18325 7ff6f84763af 18321->18325 18326 7ff6f847632a 18322->18326 18329 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18323->18329 18328 7ff6f8464824 45 API calls 18324->18328 18327 7ff6f8465e08 _get_daylight 11 API calls 18325->18327 18326->18161 18330 7ff6f84763b4 18327->18330 18331 7ff6f84763ce 18328->18331 18329->18333 18332 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18330->18332 18331->18333 18634 7ff6f8477ec8 18331->18634 18332->18333 18333->18161 18336 7ff6f8465e08 _get_daylight 11 API calls 18336->18333 18338 7ff6f84684b1 18337->18338 18347 7ff6f84684ad 18337->18347 18360 7ff6f8471ae0 18338->18360 18343 7ff6f84684c3 18345 7ff6f846a2b8 __free_lconv_num 11 API calls 18343->18345 18344 7ff6f84684cf 18386 7ff6f846857c 18344->18386 18345->18347 18347->18238 18352 7ff6f84687ec 18347->18352 18349 7ff6f846a2b8 __free_lconv_num 11 API calls 18350 7ff6f84684f6 18349->18350 18351 7ff6f846a2b8 __free_lconv_num 11 API calls 18350->18351 18351->18347 18357 7ff6f8468815 18352->18357 18358 7ff6f846882e 18352->18358 18353 7ff6f846f4a4 WideCharToMultiByte 18353->18358 18354 7ff6f846e248 _get_daylight 11 API calls 18354->18358 18355 7ff6f84688be 18356 7ff6f846a2b8 __free_lconv_num 11 API calls 18355->18356 18356->18357 18357->18238 
18358->18353 18358->18354 18358->18355 18358->18357 18359 7ff6f846a2b8 __free_lconv_num 11 API calls 18358->18359 18359->18358 18361 7ff6f8471aed 18360->18361 18362 7ff6f84684b6 18360->18362 18405 7ff6f846ab84 18361->18405 18366 7ff6f8471e1c GetEnvironmentStringsW 18362->18366 18367 7ff6f8471e4c 18366->18367 18368 7ff6f84684bb 18366->18368 18369 7ff6f846f4a4 WideCharToMultiByte 18367->18369 18368->18343 18368->18344 18370 7ff6f8471e9d 18369->18370 18371 7ff6f8471ea4 FreeEnvironmentStringsW 18370->18371 18372 7ff6f846cfa0 _fread_nolock 12 API calls 18370->18372 18371->18368 18373 7ff6f8471eb7 18372->18373 18374 7ff6f8471ec8 18373->18374 18375 7ff6f8471ebf 18373->18375 18377 7ff6f846f4a4 WideCharToMultiByte 18374->18377 18376 7ff6f846a2b8 __free_lconv_num 11 API calls 18375->18376 18378 7ff6f8471ec6 18376->18378 18379 7ff6f8471eeb 18377->18379 18378->18371 18380 7ff6f8471ef9 18379->18380 18381 7ff6f8471eef 18379->18381 18382 7ff6f846a2b8 __free_lconv_num 11 API calls 18380->18382 18383 7ff6f846a2b8 __free_lconv_num 11 API calls 18381->18383 18384 7ff6f8471ef7 FreeEnvironmentStringsW 18382->18384 18383->18384 18384->18368 18387 7ff6f84685a1 18386->18387 18388 7ff6f846e248 _get_daylight 11 API calls 18387->18388 18401 7ff6f84685d7 18388->18401 18389 7ff6f84685df 18390 7ff6f846a2b8 __free_lconv_num 11 API calls 18389->18390 18392 7ff6f84684d7 18390->18392 18391 7ff6f8468652 18393 7ff6f846a2b8 __free_lconv_num 11 API calls 18391->18393 18392->18349 18393->18392 18394 7ff6f846e248 _get_daylight 11 API calls 18394->18401 18395 7ff6f8468641 18397 7ff6f84687a8 11 API calls 18395->18397 18396 7ff6f846965c __std_exception_copy 37 API calls 18396->18401 18398 7ff6f8468649 18397->18398 18399 7ff6f846a2b8 __free_lconv_num 11 API calls 18398->18399 18399->18389 18400 7ff6f8468677 18402 7ff6f846a270 _wfindfirst32i64 17 API calls 18400->18402 18401->18389 18401->18391 18401->18394 18401->18395 18401->18396 18401->18400 18403 7ff6f846a2b8 __free_lconv_num 11 API calls 18401->18403 
18404 7ff6f846868a 18402->18404 18403->18401 18406 7ff6f846ab95 FlsGetValue 18405->18406 18407 7ff6f846abb0 FlsSetValue 18405->18407 18408 7ff6f846abaa 18406->18408 18409 7ff6f846aba2 18406->18409 18407->18409 18410 7ff6f846abbd 18407->18410 18408->18407 18411 7ff6f846aba8 18409->18411 18412 7ff6f84696bc __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18409->18412 18413 7ff6f846e248 _get_daylight 11 API calls 18410->18413 18425 7ff6f84717b8 18411->18425 18414 7ff6f846ac25 18412->18414 18415 7ff6f846abcc 18413->18415 18416 7ff6f846abea FlsSetValue 18415->18416 18417 7ff6f846abda FlsSetValue 18415->18417 18419 7ff6f846ac08 18416->18419 18420 7ff6f846abf6 FlsSetValue 18416->18420 18418 7ff6f846abe3 18417->18418 18421 7ff6f846a2b8 __free_lconv_num 11 API calls 18418->18421 18422 7ff6f846a860 _get_daylight 11 API calls 18419->18422 18420->18418 18421->18409 18423 7ff6f846ac10 18422->18423 18424 7ff6f846a2b8 __free_lconv_num 11 API calls 18423->18424 18424->18411 18448 7ff6f8471a28 18425->18448 18427 7ff6f84717ed 18463 7ff6f84714b8 18427->18463 18430 7ff6f847180a 18430->18362 18431 7ff6f846cfa0 _fread_nolock 12 API calls 18432 7ff6f847181b 18431->18432 18433 7ff6f8471823 18432->18433 18435 7ff6f8471832 18432->18435 18434 7ff6f846a2b8 __free_lconv_num 11 API calls 18433->18434 18434->18430 18435->18435 18470 7ff6f8471b5c 18435->18470 18438 7ff6f847192e 18439 7ff6f8465e08 _get_daylight 11 API calls 18438->18439 18441 7ff6f8471933 18439->18441 18440 7ff6f8471989 18443 7ff6f84719f0 18440->18443 18481 7ff6f84712e8 18440->18481 18444 7ff6f846a2b8 __free_lconv_num 11 API calls 18441->18444 18442 7ff6f8471948 18442->18440 18445 7ff6f846a2b8 __free_lconv_num 11 API calls 18442->18445 18447 7ff6f846a2b8 __free_lconv_num 11 API calls 18443->18447 18444->18430 18445->18440 18447->18430 18449 7ff6f8471a4b 18448->18449 18450 7ff6f8471a55 18449->18450 18496 7ff6f846fb48 EnterCriticalSection 18449->18496 18452 7ff6f8471ac7 18450->18452 18455 7ff6f84696bc 
__FrameHandler3::FrameUnwindToEmptyState 45 API calls 18450->18455 18452->18427 18456 7ff6f8471adf 18455->18456 18459 7ff6f846ab84 50 API calls 18456->18459 18462 7ff6f8471b32 18456->18462 18460 7ff6f8471b1c 18459->18460 18461 7ff6f84717b8 65 API calls 18460->18461 18461->18462 18462->18427 18464 7ff6f8464824 45 API calls 18463->18464 18465 7ff6f84714cc 18464->18465 18466 7ff6f84714ea 18465->18466 18467 7ff6f84714d8 GetOEMCP 18465->18467 18468 7ff6f84714ff 18466->18468 18469 7ff6f84714ef GetACP 18466->18469 18467->18468 18468->18430 18468->18431 18469->18468 18471 7ff6f84714b8 47 API calls 18470->18471 18472 7ff6f8471b89 18471->18472 18474 7ff6f8471bc6 IsValidCodePage 18472->18474 18478 7ff6f8471c09 memcpy_s 18472->18478 18473 7ff6f845a040 _wfindfirst32i64 8 API calls 18475 7ff6f8471925 18473->18475 18476 7ff6f8471bd7 18474->18476 18474->18478 18475->18438 18475->18442 18477 7ff6f8471c0e GetCPInfo 18476->18477 18480 7ff6f8471be0 memcpy_s 18476->18480 18477->18478 18477->18480 18478->18473 18497 7ff6f84715d0 18480->18497 18565 7ff6f846fb48 EnterCriticalSection 18481->18565 18498 7ff6f847160d GetCPInfo 18497->18498 18499 7ff6f8471703 18497->18499 18498->18499 18501 7ff6f8471620 18498->18501 18500 7ff6f845a040 _wfindfirst32i64 8 API calls 18499->18500 18503 7ff6f84717a2 18500->18503 18508 7ff6f84722e8 18501->18508 18503->18478 18507 7ff6f8476e90 54 API calls 18507->18499 18509 7ff6f8464824 45 API calls 18508->18509 18510 7ff6f847232a 18509->18510 18511 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18510->18511 18513 7ff6f8472360 18511->18513 18512 7ff6f8472367 18514 7ff6f845a040 _wfindfirst32i64 8 API calls 18512->18514 18513->18512 18515 7ff6f847242e 18513->18515 18516 7ff6f846cfa0 _fread_nolock 12 API calls 18513->18516 18519 7ff6f8472390 memcpy_s 18513->18519 18517 7ff6f8471697 18514->18517 18515->18512 18518 7ff6f846a2b8 __free_lconv_num 11 API calls 18515->18518 18516->18519 18523 7ff6f8476e90 18517->18523 18518->18512 18519->18515 18520 7ff6f846ec04 
_fread_nolock MultiByteToWideChar 18519->18520 18521 7ff6f8472409 18520->18521 18521->18515 18522 7ff6f8472414 GetStringTypeW 18521->18522 18522->18515 18524 7ff6f8464824 45 API calls 18523->18524 18525 7ff6f8476eb5 18524->18525 18528 7ff6f8476b70 18525->18528 18529 7ff6f8476bb2 18528->18529 18530 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18529->18530 18534 7ff6f8476bfc 18530->18534 18531 7ff6f8476e67 18533 7ff6f845a040 _wfindfirst32i64 8 API calls 18531->18533 18532 7ff6f8476d34 18532->18531 18537 7ff6f846a2b8 __free_lconv_num 11 API calls 18532->18537 18535 7ff6f84716ca 18533->18535 18534->18531 18534->18532 18536 7ff6f846cfa0 _fread_nolock 12 API calls 18534->18536 18538 7ff6f8476c32 18534->18538 18535->18507 18536->18538 18537->18531 18538->18532 18539 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18538->18539 18540 7ff6f8476ca2 18539->18540 18540->18532 18556 7ff6f846e698 18540->18556 18543 7ff6f8476d43 18543->18532 18546 7ff6f846cfa0 _fread_nolock 12 API calls 18543->18546 18547 7ff6f8476d61 18543->18547 18544 7ff6f8476cf1 18544->18532 18545 7ff6f846e698 __crtLCMapStringW 6 API calls 18544->18545 18545->18532 18546->18547 18547->18532 18548 7ff6f846e698 __crtLCMapStringW 6 API calls 18547->18548 18550 7ff6f8476dde 18548->18550 18549 7ff6f8476e13 18549->18532 18551 7ff6f846a2b8 __free_lconv_num 11 API calls 18549->18551 18550->18549 18552 7ff6f846f4a4 WideCharToMultiByte 18550->18552 18551->18532 18553 7ff6f8476e0d 18552->18553 18553->18549 18554 7ff6f8476e3a 18553->18554 18554->18532 18555 7ff6f846a2b8 __free_lconv_num 11 API calls 18554->18555 18555->18532 18557 7ff6f846e2c0 __crtLCMapStringW 5 API calls 18556->18557 18558 7ff6f846e6d6 18557->18558 18559 7ff6f846e6de 18558->18559 18562 7ff6f846e784 18558->18562 18559->18532 18559->18543 18559->18544 18561 7ff6f846e747 LCMapStringW 18561->18559 18563 7ff6f846e2c0 __crtLCMapStringW 5 API calls 18562->18563 18564 7ff6f846e7b2 __crtLCMapStringW 18563->18564 18564->18561 18567 7ff6f8475669 18566->18567 
18568 7ff6f8475680 18566->18568 18569 7ff6f8465e08 _get_daylight 11 API calls 18567->18569 18568->18567 18571 7ff6f847568e 18568->18571 18570 7ff6f847566e 18569->18570 18572 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18570->18572 18573 7ff6f8464824 45 API calls 18571->18573 18574 7ff6f8475679 18571->18574 18572->18574 18573->18574 18574->18273 18576 7ff6f8464824 45 API calls 18575->18576 18577 7ff6f847832d 18576->18577 18580 7ff6f8477f88 18577->18580 18582 7ff6f8477fd6 18580->18582 18581 7ff6f845a040 _wfindfirst32i64 8 API calls 18583 7ff6f8476521 18581->18583 18584 7ff6f847805d 18582->18584 18586 7ff6f8478048 GetCPInfo 18582->18586 18587 7ff6f8478061 18582->18587 18583->18273 18583->18278 18585 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18584->18585 18584->18587 18588 7ff6f84780f7 18585->18588 18586->18584 18586->18587 18587->18581 18588->18587 18589 7ff6f846cfa0 _fread_nolock 12 API calls 18588->18589 18590 7ff6f847812e 18588->18590 18589->18590 18590->18587 18591 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18590->18591 18592 7ff6f8478194 18591->18592 18593 7ff6f84781bd 18592->18593 18594 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18592->18594 18593->18587 18595 7ff6f846a2b8 __free_lconv_num 11 API calls 18593->18595 18596 7ff6f84781b6 18594->18596 18595->18587 18596->18593 18597 7ff6f846cfa0 _fread_nolock 12 API calls 18596->18597 18598 7ff6f847820b 18596->18598 18597->18598 18598->18593 18599 7ff6f846ec04 _fread_nolock MultiByteToWideChar 18598->18599 18600 7ff6f847827e 18599->18600 18601 7ff6f8478284 18600->18601 18602 7ff6f84782a1 18600->18602 18601->18593 18604 7ff6f846a2b8 __free_lconv_num 11 API calls 18601->18604 18609 7ff6f846e51c 18602->18609 18604->18593 18606 7ff6f84782e0 18606->18587 18608 7ff6f846a2b8 __free_lconv_num 11 API calls 18606->18608 18607 7ff6f846a2b8 __free_lconv_num 11 API calls 18607->18606 18608->18587 18610 7ff6f846e2c0 __crtLCMapStringW 5 API calls 18609->18610 18611 7ff6f846e55a 18610->18611 18612 7ff6f846e784 
__crtLCMapStringW 5 API calls 18611->18612 18613 7ff6f846e562 18611->18613 18614 7ff6f846e5cb CompareStringW 18612->18614 18613->18606 18613->18607 18614->18613 18616 7ff6f8476f6a HeapSize 18615->18616 18617 7ff6f8476f51 18615->18617 18618 7ff6f8465e08 _get_daylight 11 API calls 18617->18618 18619 7ff6f8476f56 18618->18619 18620 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18619->18620 18621 7ff6f8476f61 18620->18621 18621->18283 18623 7ff6f846fd6b 18622->18623 18624 7ff6f846fd61 18622->18624 18626 7ff6f846fd70 18623->18626 18632 7ff6f846fd77 _get_daylight 18623->18632 18625 7ff6f846cfa0 _fread_nolock 12 API calls 18624->18625 18631 7ff6f846fd69 18625->18631 18627 7ff6f846a2b8 __free_lconv_num 11 API calls 18626->18627 18627->18631 18628 7ff6f846fd7d 18630 7ff6f8465e08 _get_daylight 11 API calls 18628->18630 18629 7ff6f846fdaa HeapReAlloc 18629->18631 18629->18632 18630->18631 18631->18287 18632->18628 18632->18629 18633 7ff6f8472a40 _get_daylight 2 API calls 18632->18633 18633->18632 18636 7ff6f8477ef1 __crtLCMapStringW 18634->18636 18635 7ff6f847640a 18635->18333 18635->18336 18636->18635 18637 7ff6f846e51c 6 API calls 18636->18637 18637->18635 18806 7ff6f8479655 18809 7ff6f8464138 LeaveCriticalSection 18806->18809 19529 7ff6f84640d0 19530 7ff6f84640db 19529->19530 19538 7ff6f846e864 19530->19538 19551 7ff6f846fb48 EnterCriticalSection 19538->19551 18638 7ff6f846ecc0 18639 7ff6f846eea8 18638->18639 18641 7ff6f846ed03 _isindst 18638->18641 18640 7ff6f8465e08 _get_daylight 11 API calls 18639->18640 18656 7ff6f846ee9a 18640->18656 18641->18639 18644 7ff6f846ed7f _isindst 18641->18644 18642 7ff6f845a040 _wfindfirst32i64 8 API calls 18643 7ff6f846eec3 18642->18643 18659 7ff6f847535c 18644->18659 18649 7ff6f846eed4 18651 7ff6f846a270 _wfindfirst32i64 17 API calls 18649->18651 18652 7ff6f846eee8 18651->18652 18656->18642 18657 7ff6f846eddc 18657->18656 18684 7ff6f847539c 18657->18684 18660 7ff6f847536a 18659->18660 18661 7ff6f846ed9d 18659->18661 18691 
7ff6f846fb48 EnterCriticalSection 18660->18691 18666 7ff6f8474768 18661->18666 18667 7ff6f8474771 18666->18667 18671 7ff6f846edb2 18666->18671 18668 7ff6f8465e08 _get_daylight 11 API calls 18667->18668 18669 7ff6f8474776 18668->18669 18670 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18669->18670 18670->18671 18671->18649 18672 7ff6f8474798 18671->18672 18673 7ff6f846edc3 18672->18673 18674 7ff6f84747a1 18672->18674 18673->18649 18678 7ff6f84747c8 18673->18678 18675 7ff6f8465e08 _get_daylight 11 API calls 18674->18675 18676 7ff6f84747a6 18675->18676 18677 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18676->18677 18677->18673 18679 7ff6f846edd4 18678->18679 18680 7ff6f84747d1 18678->18680 18679->18649 18679->18657 18681 7ff6f8465e08 _get_daylight 11 API calls 18680->18681 18682 7ff6f84747d6 18681->18682 18683 7ff6f846a250 _invalid_parameter_noinfo 37 API calls 18682->18683 18683->18679 18692 7ff6f846fb48 EnterCriticalSection 18684->18692 18928 7ff6f8479559 18929 7ff6f8479568 18928->18929 18930 7ff6f8479572 18928->18930 18932 7ff6f846fba8 LeaveCriticalSection 18929->18932

Control-flow Graph
7ff6f8475282 192->208 193->196 209 7ff6f8475240-7ff6f847526c call 7ff6f846a2b8 call 7ff6f845a040 196->209 199->209 210 7ff6f84750ed-7ff6f84750f3 203->210 211 7ff6f84750f6-7ff6f84750fd 203->211 233 7ff6f84752ad-7ff6f84752bf call 7ff6f846a2b8 207->233 234 7ff6f84752a8-7ff6f84752ab 207->234 216 7ff6f8475284-7ff6f8475289 call 7ff6f846a2b8 208->216 210->211 219 7ff6f8475111 211->219 220 7ff6f84750ff-7ff6f8475107 211->220 216->193 222 7ff6f8475113-7ff6f8475187 call 7ff6f845b7b0 * 4 call 7ff6f8472004 call 7ff6f84752dc * 2 219->222 220->219 227 7ff6f8475109-7ff6f847510f 220->227 222->202 227->222 233->191 234->216 249 7ff6f8474f18-7ff6f8474f1c 247->249 250 7ff6f8474f14 247->250 249->247 252 7ff6f8474f1e-7ff6f8474f43 call 7ff6f8477be8 249->252 250->249 258 7ff6f8474f46-7ff6f8474f4a 252->258 260 7ff6f8474f4c-7ff6f8474f57 258->260 261 7ff6f8474f59-7ff6f8474f5d 258->261 260->261 263 7ff6f8474f5f-7ff6f8474f63 260->263 261->258 266 7ff6f8474fe4-7ff6f8474fe8 263->266 267 7ff6f8474f65-7ff6f8474f8d call 7ff6f8477be8 263->267 268 7ff6f8474fea-7ff6f8474fec 266->268 269 7ff6f8474fef-7ff6f8474ffc 266->269 274 7ff6f8474fab-7ff6f8474faf 267->274 275 7ff6f8474f8f 267->275 268->269 272 7ff6f8475017-7ff6f8475026 call 7ff6f8474750 call 7ff6f8474740 269->272 273 7ff6f8474ffe-7ff6f8475014 call 7ff6f8474ce4 269->273 272->142 273->272 274->266 281 7ff6f8474fb1-7ff6f8474fcf call 7ff6f8477be8 274->281 279 7ff6f8474f92-7ff6f8474f99 275->279 279->274 282 7ff6f8474f9b-7ff6f8474fa9 279->282 287 7ff6f8474fdb-7ff6f8474fe2 281->287 282->274 282->279 287->266 288 7ff6f8474fd1-7ff6f8474fd5 287->288 288->266 289 7ff6f8474fd7 288->289 289->287
APIs
• _get_daylight.LIBCMT ref: 00007FF6F8474E0D
  • Part of subcall function 00007FF6F8474768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F847477C
  • Part of subcall function 00007FF6F846A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2CE
  • Part of subcall function 00007FF6F846A2B8: GetLastError.KERNEL32(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2D8
  • Part of subcall function 00007FF6F846A270: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6F846A24E,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846A279
  • Part of subcall function 00007FF6F846A270: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6F846A24E,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846A29E
• _get_daylight.LIBCMT ref: 00007FF6F8474DFC
  • Part of subcall function 00007FF6F84747C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F84747DC
• _get_daylight.LIBCMT ref: 00007FF6F8475072
• _get_daylight.LIBCMT ref: 00007FF6F8475083
• _get_daylight.LIBCMT ref: 00007FF6F8475094
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6F84752D4), ref: 00007FF6F84750BB
Strings
Memory Dump Source
• Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
• Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLastPresentPrivilegeProcessProcessorReleaseTimeZone
• String ID: Pacific Daylight Time$Pacific Standard Time
• API String ID: 415722205-1154798116
• Opcode ID: 39f2bd43907f78d744289b85e0ff529a39e324cda87cb73a20144b89b06b98ae
• Instruction ID: 7e211a3e722f1beff8e4008221bbcb851018bb5e6fff85f1377c2c8c3b41ed1f
• Opcode Fuzzy Hash: 39f2bd43907f78d744289b85e0ff529a39e324cda87cb73a20144b89b06b98ae
• Instruction Fuzzy Hash: 78D1D026A0824286E720EF35D9416BD67A1FF85B94F414076EA2DCBAC5FF3CE441E748
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,00000000,?,00007FF6F845586D), ref: 00007FF6F845593A
• GetCurrentProcessId.KERNEL32(?,00007FF6F845586D), ref: 00007FF6F8455940
  • Part of subcall function 00007FF6F8455AB0: GetEnvironmentVariableW.KERNEL32(00007FF6F84527F7,?,?,?,?,?,?), ref: 00007FF6F8455AEA
  • Part of subcall function 00007FF6F8455AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8455B07
  • Part of subcall function 00007FF6F8466598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F84665B1
• SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6F84559F1
Strings
Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                              • API String ID: 1556224225-1116378104
                                                                                                                                                                              • Opcode ID: bafe5a2e0fe7b36de16735fa97e61724c3247571283860c62dd3f1bf3daab493
                                                                                                                                                                              • Instruction ID: 30eb96322ad48523d971fb9c52381d2c268bafbc269179a50f72f20d9da7448d
                                                                                                                                                                              • Opcode Fuzzy Hash: bafe5a2e0fe7b36de16735fa97e61724c3247571283860c62dd3f1bf3daab493
                                                                                                                                                                              • Instruction Fuzzy Hash: B7519D25F0978240FB54AB3AA9562BE93419F4ABC0F4414B1ED2ECB7D6FD2CE501A708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              • Opcode ID: 718238527cc3eb11798ac025bfd5e66231c45317a7818014422ca5edc8f13228
                                                                                                                                                                              • Instruction ID: bc2f70520e0be01dcb1db1f43d65e58d288aaf9287dc05d1d240a67ee7603ad7
                                                                                                                                                                              • Opcode Fuzzy Hash: 718238527cc3eb11798ac025bfd5e66231c45317a7818014422ca5edc8f13228
                                                                                                                                                                              • Instruction Fuzzy Hash: F4C11722A0C68695EB609B31C4403BDB7A0FF82B90F4541B1DA6E87BD1EF7CE454E719
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6F8475072
                                                                                                                                                                                • Part of subcall function 00007FF6F84747C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F84747DC
                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6F8475083
                                                                                                                                                                                • Part of subcall function 00007FF6F8474768: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F847477C
                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6F8475094
                                                                                                                                                                                • Part of subcall function 00007FF6F8474798: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F84747AC
                                                                                                                                                                                • Part of subcall function 00007FF6F846A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2CE
                                                                                                                                                                                • Part of subcall function 00007FF6F846A2B8: GetLastError.KERNEL32(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2D8
                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6F84752D4), ref: 00007FF6F84750BB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLastPrivilegeReleaseTimeZone
                                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                                              • API String ID: 1182710636-1154798116
                                                                                                                                                                              • Opcode ID: 2522dfc07df6e72b302cec8d7b141b2bfc010b33ede1e5b4a24cbe3b910145ef
                                                                                                                                                                              • Instruction ID: 94dec1cb37db3a45902282188e23ba34b701a5c3ad40a76847bc34467e934f8b
                                                                                                                                                                              • Opcode Fuzzy Hash: 2522dfc07df6e72b302cec8d7b141b2bfc010b33ede1e5b4a24cbe3b910145ef
                                                                                                                                                                              • Instruction Fuzzy Hash: C2518E36A1864286E720DF35D9815BD6760FF48784F4141B6EA6DC7AD6FF3CE4009B48
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                                              • Opcode ID: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                                              • Instruction ID: aa8da1aeaea780748f41a768ffc28750ea4b182981b5f3e819527cc963b0e5ea
                                                                                                                                                                              • Opcode Fuzzy Hash: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE0EC70F1D60386E72CB7795C830BD51916F5A320FA002B5E23DC66C2ED2D7591776A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                                              • Opcode ID: 26bb1b248eaca3f24a1e2343c2e7bbb612c3351a57372b8f8b67718c6495fa00
                                                                                                                                                                              • Instruction ID: bf86334594b3861977ffbecbca8cefe17b14323353420ccf2d2dfc378dc9f446
                                                                                                                                                                              • Opcode Fuzzy Hash: 26bb1b248eaca3f24a1e2343c2e7bbb612c3351a57372b8f8b67718c6495fa00
                                                                                                                                                                              • Instruction Fuzzy Hash: 7F02C221E1EA4781FF65EB31940127D6690AF02BA4F4446B5ED7DD67D2FE3DE401A308
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                              • API String ID: 3405171723-4158440160
                                                                                                                                                                              • Opcode ID: 3949a50f48d1e98ef5b585fd30241cb9f82364916b9fbe0635a62b2ee7723723
                                                                                                                                                                              • Instruction ID: 76ec1a6624b051a3b4b26ffed6a7370db9a89f69b18de4a671ba96c0bd420692
                                                                                                                                                                              • Opcode Fuzzy Hash: 3949a50f48d1e98ef5b585fd30241cb9f82364916b9fbe0635a62b2ee7723723
                                                                                                                                                                              • Instruction Fuzzy Hash: 5C511672A09B0286EB54DF38D45127C63A0EB48B88B518576DA2DCB3D9EF7CE444DB48
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                              • API String ID: 0-666925554
                                                                                                                                                                              • Opcode ID: 3acfef74579bd68d42540ea8432d1bea97467878d5fbae69e2dde14999a71e15
                                                                                                                                                                              • Instruction ID: 02030ca7095df8b29da8626e55fc9f1fbd57dd4d494799f711880aadb51af0c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 3acfef74579bd68d42540ea8432d1bea97467878d5fbae69e2dde14999a71e15
                                                                                                                                                                              • Instruction Fuzzy Hash: 5A51A921B0874282FB11DB39E4516BDA360AF45BD4F4405B1DE3D8B6DAFE3CE545AB08
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                              • API String ID: 4998090-2855260032
                                                                                                                                                                              • Opcode ID: 9e7d023bd803c99aed3e0c6da19d3605def25700417b1150549128e9d488aadd
                                                                                                                                                                              • Instruction ID: 6577bdb0ad97f32a6399bd45a0409d6997ac57573bb659d2679ab786557c84d1
                                                                                                                                                                              • Opcode Fuzzy Hash: 9e7d023bd803c99aed3e0c6da19d3605def25700417b1150549128e9d488aadd
                                                                                                                                                                              • Instruction Fuzzy Hash: 5A41903261878282EB10DF34E4446AE7360FB85794F440671EA6E876D9FF3CE848D704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                                              • Opcode ID: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                                              • Instruction ID: dd4edcf680883cdb496ee55f80783fb2af7d3eacb466b2749cb02b70ea9f7b68
                                                                                                                                                                              • Opcode Fuzzy Hash: 04a4e53e866e31c8fc58a914e80bac258d4f260b364362045a33b3d0c1470eba
                                                                                                                                                                              • Instruction Fuzzy Hash: 44C1BF36B28A4286EB10CF75C8916AC3761EB49BA8B014275DE3E9B7D4EF38E055D344
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00007FF6F8452CB0: GetModuleFileNameW.KERNEL32(?,00007FF6F84527A9,?,?,?,?,?,?), ref: 00007FF6F8452CE1
                                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF6F84529B5
                                                                                                                                                                                • Part of subcall function 00007FF6F8455AB0: GetEnvironmentVariableW.KERNEL32(00007FF6F84527F7,?,?,?,?,?,?), ref: 00007FF6F8455AEA
                                                                                                                                                                                • Part of subcall function 00007FF6F8455AB0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8455B07
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                              • API String ID: 2344891160-3602715111
                                                                                                                                                                              • Opcode ID: 1bbc8bb8ae2d819200fc7e4e108366effb9769880bef3fbb7684e573beeb7306
                                                                                                                                                                              • Instruction ID: edfbaf98d80609fe83b3900b965937fa0f3545350f03d236af9edd4d82f78a79
                                                                                                                                                                              • Opcode Fuzzy Hash: 1bbc8bb8ae2d819200fc7e4e108366effb9769880bef3fbb7684e573beeb7306
                                                                                                                                                                              • Instruction Fuzzy Hash: A7C1A021A1C79351FB24EB3998512BE5390BF84784F4441B2EA6DCF6DAFF2CE505A708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                              • API String ID: 0-1282086711
                                                                                                                                                                              • Opcode ID: 160eb6c4d85dca0518b567416e49d70c1ee016abdb28a29edcd8f73fcdb499a4
                                                                                                                                                                              • Instruction ID: 06df201674d75a7edf1f2d005b260302bc9d5abec38dac9e15da8731691bcf74
                                                                                                                                                                              • Opcode Fuzzy Hash: 160eb6c4d85dca0518b567416e49d70c1ee016abdb28a29edcd8f73fcdb499a4
                                                                                                                                                                              • Instruction Fuzzy Hash: CA51B422A0978281EB20DB79E4403BE6291FB45794F4441B1ED6EDB7C9FE3CE545EB08
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00007FF6F8456D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8456D4A
                                                                                                                                                                                • Part of subcall function 00007FF6F8467248: SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF6F84696D4), ref: 00007FF6F84672B5
                                                                                                                                                                                • Part of subcall function 00007FF6F8467248: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF6F84696D4), ref: 00007FF6F84672C8
                                                                                                                                                                              • GetStartupInfoW.KERNEL32 ref: 00007FF6F8456117
                                                                                                                                                                                • Part of subcall function 00007FF6F8469634: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F8469648
                                                                                                                                                                                • Part of subcall function 00007FF6F8466DDC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F8466E43
                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00007FF6F845619F
                                                                                                                                                                              • CreateProcessW.KERNELBASE ref: 00007FF6F84561E1
                                                                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF6F84561F5
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00007FF6F8456205
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                              • API String ID: 1742298069-3524285272
                                                                                                                                                                              • Opcode ID: fdd9067c6a50fe7732776f7ed38831473e578611cbd7c4ee754477190f419268
                                                                                                                                                                              • Instruction ID: 07017812c328026c2a797a598de8d4da65d05fc4bf2031a4268f3918cb021d91
                                                                                                                                                                              • Opcode Fuzzy Hash: fdd9067c6a50fe7732776f7ed38831473e578611cbd7c4ee754477190f419268
                                                                                                                                                                              • Instruction Fuzzy Hash: 2B415E32A0C78286DB10EB74E4552AEB3A0FB95340F400279E6AD87BD9FF7CD0599B44
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6F846C8AC), ref: 00007FF6F846CA2F
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6F846C8AC), ref: 00007FF6F846CAB9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                              • Opcode ID: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                                              • Instruction ID: 09d4210b335a422bd47767069a45f088121b6ce088323d1cad9f685611c23d76
                                                                                                                                                                              • Opcode Fuzzy Hash: df05b39e20d6b4a305b54bd5c45073e258c55b21ec4cfff64fadfea93fa7a073
                                                                                                                                                                              • Instruction Fuzzy Hash: A4910172F18A5289FB60CB7594403BCA7A0FB16B98F444176DE2E936D4EF38E441E718
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                              • Opcode ID: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                                              • Instruction ID: 43e912751f1587ab50bd0e4ecbec8e71c0aa4c2f53b005b31ef39492f1d76d50
                                                                                                                                                                              • Opcode Fuzzy Hash: c3e661dd0a8e72af9d0f52d4d715681398ec2a18bb9594ad95e5ad467ce8c58d
                                                                                                                                                                              • Instruction Fuzzy Hash: 6351F372F042528AFB24DF78D9456BC67E1BB41358F600179EE2E96AD5EF3CA4029704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                              • Opcode ID: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                                              • Instruction ID: 231ace36db976aa140881a60302c4359d46b99063900f28863ea636d3b89fd61
                                                                                                                                                                              • Opcode Fuzzy Hash: 6eaa4ef96a403fe5916438ab277e3d4369226d7cf89e13e50e0c4077950b2f56
                                                                                                                                                                              • Instruction Fuzzy Hash: 5651AD22E086418AFB14DFB0D4513BD67A1FB4AB58F108175DE2D9BAC9EF3CD481A358
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                              • Opcode ID: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                                              • Instruction ID: e80fe914b354ba687c5b3323139ec5b4aea72ec02dd19c8a8a7a3add374e2133
                                                                                                                                                                              • Opcode Fuzzy Hash: 390b95db17affa4f208a6eb99fe2f87c4499dc450baf817df354288345797a4a
                                                                                                                                                                              • Instruction Fuzzy Hash: CB41A162E1878183EB50CB709500379A260FF967A4F109375E77C43AD1FF6CA4E49718
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3058843127-0
                                                                                                                                                                              • Opcode ID: 7d844228c26b892dd08384abece49a91c4127074a55cbcc0a06edf4476ffb943
                                                                                                                                                                              • Instruction ID: e5a9abc265bcc80b17702d4da646e30c0ddb91abdaf0efdff980530ab1ec39fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 7d844228c26b892dd08384abece49a91c4127074a55cbcc0a06edf4476ffb943
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B314721A0834242FB10EB7891133BD6391AF46B84F4444B5EA6DCF2D7FE2DA844A368
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              • Opcode ID: ff961ccf907298f6c75efeaf27b07b5a3350d64c25d99305a78acfb177265596
                                                                                                                                                                              • Instruction ID: 416f61f7d5d6f89d47a1245edc64df8d6e7c49253a061fbbf09811515c2d9c0d
                                                                                                                                                                              • Opcode Fuzzy Hash: ff961ccf907298f6c75efeaf27b07b5a3350d64c25d99305a78acfb177265596
                                                                                                                                                                              • Instruction Fuzzy Hash: CD51D421B0974286FB689E3A960067E6691BF44BA4F884371DD7C9B7C5FF3CE401A708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF6F84696D4), ref: 00007FF6F84672B5
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF6F84696D4), ref: 00007FF6F84672C8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleCtrlErrorHandlerLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3113525192-0
                                                                                                                                                                              • Opcode ID: 2f8090beb6b2e1911ce0735fdaa1e879e13002fbf5d59bbda86532b115075e6e
                                                                                                                                                                              • Instruction ID: 5f1f52ca64d12a35a6c95152be039b51c54f2390b339c2641a79c4bbd86f3b3e
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f8090beb6b2e1911ce0735fdaa1e879e13002fbf5d59bbda86532b115075e6e
                                                                                                                                                                              • Instruction Fuzzy Hash: B7517C72B1874381FB118B35D4601B9A691AF92B80F8586B7D96D873D5FE3CE884E34C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                              • Opcode ID: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                                              • Instruction ID: 5cc817c46e4a4d77b86d4b1aedde5d90981e4099edf895c241e5302dc0b988e4
                                                                                                                                                                              • Opcode Fuzzy Hash: 94318e8cf8a7b71dcb4138edf811e4b714f185fee6d3a367285caa89e278a853
                                                                                                                                                                              • Instruction Fuzzy Hash: AB31A422E18B4681E7608B25D580178A650FB46BB0F68037ADB7E877E0DF3CE461E348
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF6F846A345,?,?,00000000,00007FF6F846A3FA), ref: 00007FF6F846A536
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F846A345,?,?,00000000,00007FF6F846A3FA), ref: 00007FF6F846A540
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6F846BA5C,?,?,?,?,00000000,?,?,00007FF6F846BBB1), ref: 00007FF6F846BB08
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF6F846BA5C,?,?,?,?,00000000,?,?,00007FF6F846BBB1), ref: 00007FF6F846BB12
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF6F846852A,?,?,00000000,00007FF6F8468A1E,?,?,?,?,00007FF6F84708D4,?,?,00000000), ref: 00007FF6F8471F40
                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF6F846852A,?,?,00000000,00007FF6F8468A1E,?,?,?,?,00007FF6F84708D4,?,?,00000000), ref: 00007FF6F8471FAA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EnvironmentStrings$Free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3328510275-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8464699), ref: 00007FF6F84647B7
                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8464699), ref: 00007FF6F84647CD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlReleasePrivilege.NTDLL(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2CE
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2D8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              • Opcode ID: a7c351470d4ea0eca9c17b03632287dd5109028738290b81677b6573d5c06ba4
                                                                                                                                                                              • Instruction ID: 1d57d5622fc40763acce6175bf7d2ea3ca7d86e58518c7d1508cd7b75a6bc638
                                                                                                                                                                              • Opcode Fuzzy Hash: a7c351470d4ea0eca9c17b03632287dd5109028738290b81677b6573d5c06ba4
                                                                                                                                                                              • Instruction Fuzzy Hash: 2B019220E0D64241FFA0BB7159011799290AF47798F5441B5EA3CD26C6FE7CE4416B0D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6F846AD46,?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA), ref: 00007FF6F846E29D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                                              • Instruction ID: 98aa66a2249b79e4dc70c4ad46cb92529b75e787cad4c3a7089835abe46e3730
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e1c66f5bdb0b3596c655908444cb66e6adca1508c0fe937eac4c5b3f6554faa
                                                                                                                                                                              • Instruction Fuzzy Hash: ECF09050B0930341FF5857B599113B992C26F8AB40F6C41B0CD2EC67D1FE2CE4817318
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6F8467378,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF6F846CFDE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                                              • Instruction ID: 206512b91231b58d87802444f51c46267c879e1f7bbcd807b4b6af4c6af37de1
                                                                                                                                                                              • Opcode Fuzzy Hash: 421352df23b8ccfc7cd24c307d24daf565dba5e50752b2c898e853f67429b997
                                                                                                                                                                              • Instruction Fuzzy Hash: C0F01C61F0D70295FF689772594167992805F8A7A0F4806B0DD3EC62C1FE2CE491B31C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              • Opcode ID: 0deb42d2f979eab4873e50de96c4b6618150dbdae13e8f2939796a1b0d3d173e
                                                                                                                                                                              • Instruction ID: e0db28dbd48ef25c1a01fcf5eebdab9349a662430c73ded7913b348fa593b9e8
                                                                                                                                                                              • Opcode Fuzzy Hash: 0deb42d2f979eab4873e50de96c4b6618150dbdae13e8f2939796a1b0d3d173e
                                                                                                                                                                              • Instruction Fuzzy Hash: 50E0ECA1E1C60786FB143BB499831B8D5905F9B340F8050B4DA38862C7FD2D68587B2A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                                              • Opcode ID: 981787bd2c62c6071da115d1111ff149fd0a13d4906ba2427ae116529c5332c6
                                                                                                                                                                              • Instruction ID: 78fe6055854706a36f009d8a183b94ebb3246b434663de4722aee164a40516c3
                                                                                                                                                                              • Opcode Fuzzy Hash: 981787bd2c62c6071da115d1111ff149fd0a13d4906ba2427ae116529c5332c6
                                                                                                                                                                              • Instruction Fuzzy Hash: F8E1A269A0AB43D1EB55CF38A85127C23A5BF05740F8554B5C83E8A2E8FF6CB548F358
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                              • Opcode ID: 42b717f0d44ccf592da154f50b842089685f8764c1b93b53b78347bbf76736df
                                                                                                                                                                              • Instruction ID: 88d2939b984dd298a5477372750d6897146cf88664356dec2b20abebb4e5e506
                                                                                                                                                                              • Opcode Fuzzy Hash: 42b717f0d44ccf592da154f50b842089685f8764c1b93b53b78347bbf76736df
                                                                                                                                                                              • Instruction Fuzzy Hash: F3B2F472A182828BE7658F78D8407FD77A1FB54388F905175DA2997AC4FF3CAA00DB44
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF6F8451CE4,?,?,00000000,00007FF6F8456864), ref: 00007FF6F84565F7
                                                                                                                                                                              • FormatMessageW.KERNEL32 ref: 00007FF6F8456626
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF6F845667C
                                                                                                                                                                                • Part of subcall function 00007FF6F8451CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6F8456864,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F8451CD7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                              • API String ID: 2383786077-2573406579
                                                                                                                                                                              • Opcode ID: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                                              • Instruction ID: 126f2cee185311c1c3b7033fbe0594b4d6234b2c2de296ef76c5747700554f42
                                                                                                                                                                              • Opcode Fuzzy Hash: 620d5d36900d1fa5d35eb7c9ac16ae22a16bc84afd8ff29625592f9522aca46c
                                                                                                                                                                              • Instruction Fuzzy Hash: 45219D61A08B4286FB20DF38E85036E6360FB88384F800174D56EC66E8FF3CD145D708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                              • Opcode ID: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                                              • Instruction ID: 5cb63ccf398df6af9e5c3704a1d8e4d6c6f46cd5b0e6a5457fb1df07ddbc1df8
                                                                                                                                                                              • Opcode Fuzzy Hash: e8cdbb987c13ff60472e0623c9c4020c60fb11b603f6bd6efae15d4dc6113c05
                                                                                                                                                                              • Instruction Fuzzy Hash: 81313A72609B828AEB60CF74E8413ED7361FB84748F44443ADA5D87A98EF38D548D724
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                              • Opcode ID: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                                              • Instruction ID: d8efac6719128d2ff8d60024137817199651857353bd6db003faec411fbcb670
                                                                                                                                                                              • Opcode Fuzzy Hash: 38c404c70a445b1321690087ba332b2ca65edbc79732dc857bff3aa9857afa8a
                                                                                                                                                                              • Instruction Fuzzy Hash: 68315E32618B8186EB60CF35E8412AE73A0FB89758F500175EAAD87B95EF3CD549CB14
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                              • Opcode ID: fd4a9bfda042c9443d9aa9375a356fea78cc617cd4b82e203b5d264eab4a71de
                                                                                                                                                                              • Instruction ID: a4d29fb6c0118371b15d1a8193669581e9830cc5d0a9de02a4f2558d86affb2c
                                                                                                                                                                              • Opcode Fuzzy Hash: fd4a9bfda042c9443d9aa9375a356fea78cc617cd4b82e203b5d264eab4a71de
                                                                                                                                                                              • Instruction Fuzzy Hash: EDB1C022B19A9241EF60DB3198006BDA3A1FB45BE4F444172EA6DD7BC5FE7CE441E708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1502251526-3916222277
                                                                                                                                                                              • Opcode ID: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                                              • Instruction ID: 8ccb94db839be2570b5e6c7a2937b30f2d74f00bf9d4dc51c6ff96193fc20f3e
                                                                                                                                                                              • Opcode Fuzzy Hash: cde1b8b2f6d1160984fe15dbaba42dea7d5925037cfa26e03551a8a86da9f649
                                                                                                                                                                              • Instruction Fuzzy Hash: 11C10772B1868687E724CF69E148A6EB791F784784F448175DB5E83B84EF3CE805DB04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                              • Opcode ID: bc390de868ea73124265393c67e6da1affeb6238bb5df05aa1662538549b98e5
                                                                                                                                                                              • Instruction ID: 937c895f0134fd46f728cd475ec71e5bc25b6a0071150b11e8708e275934caa1
                                                                                                                                                                              • Opcode Fuzzy Hash: bc390de868ea73124265393c67e6da1affeb6238bb5df05aa1662538549b98e5
                                                                                                                                                                              • Instruction Fuzzy Hash: D6B14C73601B498BEB15CF29C88636C3BA0F784B48F188962DB6D87BA4DF39D451D708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                              • Opcode ID: dcb144d10aa30cfaff6b5296c99f780a1ce8abe06b740b4c709fd8aa955fe9f0
                                                                                                                                                                              • Instruction ID: a0f6bf2c6df3b1078a8f882b1814f323a7a8e0b17ca027b6e41f0cc2e080a6c7
                                                                                                                                                                              • Opcode Fuzzy Hash: dcb144d10aa30cfaff6b5296c99f780a1ce8abe06b740b4c709fd8aa955fe9f0
                                                                                                                                                                              • Instruction Fuzzy Hash: 8BF08122A1C78186E7A0CF74A49976A7390BB84728F040635D67D466D4EF3CD0089B04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                              • Opcode ID: 7415e6b30dec67e1f7b88c6f5fac3f2653a2dc06fd9f2d83c2e1fa89a9b54909
                                                                                                                                                                              • Instruction ID: bd97da59a64a5867f24825dd0c44c8126c18efcab25f67062fbee0fc2cc255db
                                                                                                                                                                              • Opcode Fuzzy Hash: 7415e6b30dec67e1f7b88c6f5fac3f2653a2dc06fd9f2d83c2e1fa89a9b54909
                                                                                                                                                                              • Instruction Fuzzy Hash: AB518A62B1C7C546E7248E359801769FB91E786B94F08C272DBBC8BAC5EF3ED4448705
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 474895018-0
                                                                                                                                                                              • Opcode ID: 62fd0fb53a18f0325237b5f4d992246be456f9e55d3a1d94135469ebd9c984cb
                                                                                                                                                                              • Instruction ID: e1ee4dc1343599d1ebd77223dc91fcba32a0e78cafc1918d55f3235b17aa8527
                                                                                                                                                                              • Opcode Fuzzy Hash: 62fd0fb53a18f0325237b5f4d992246be456f9e55d3a1d94135469ebd9c984cb
                                                                                                                                                                              • Instruction Fuzzy Hash: 54610522F1C69246FB648A389C4077D6281AF407B4F1706B5DA7DCBAC1FE7DE841A708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                              • Opcode ID: 8ee43a9b21c337af84c38aa11b89f1f538431f216f0265c1ebdbcf84e6c0f447
                                                                                                                                                                              • Instruction ID: bc7bfd38e6f265b817b4ef3bea38150cc8bea35d2fe40dc0fd5c9195689c0185
                                                                                                                                                                              • Opcode Fuzzy Hash: 8ee43a9b21c337af84c38aa11b89f1f538431f216f0265c1ebdbcf84e6c0f447
                                                                                                                                                                              • Instruction Fuzzy Hash: DFA16A62B083C686EB25CF3594007ADBB91EB52B84F048172CE6D877C5EE3EE905D705
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                              • Opcode ID: 149e18b05292fe6e1a7b61631178e03b9e69b147337d0b4b76429c8b487cdd2c
                                                                                                                                                                              • Instruction ID: 239217d5026d1a55b8a5b9ef13d9a8f9aab25bd8415566afe3c30925486bbc86
                                                                                                                                                                              • Opcode Fuzzy Hash: 149e18b05292fe6e1a7b61631178e03b9e69b147337d0b4b76429c8b487cdd2c
                                                                                                                                                                              • Instruction Fuzzy Hash: A751DE11F0971241FB64AB36592157AD291AF86BD4F4842B4DE2EC3BD6FE3CE442A30C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                              • Opcode ID: 8318c770c4f45aa055814d428635f7f45cbec4c4c558b65e31452e9551a3ff8c
                                                                                                                                                                              • Instruction ID: aafd8437904e791bb770e77e7e22b38188cb8b7d71a2800ed79373b2948f8477
                                                                                                                                                                              • Opcode Fuzzy Hash: 8318c770c4f45aa055814d428635f7f45cbec4c4c558b65e31452e9551a3ff8c
                                                                                                                                                                              • Instruction Fuzzy Hash: D4B09220E07B02C2EB486B216E8261822A47F48B11F8800B9C01CC03A0EF2C20A57714
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 01b4ebd5f042ebb0c064ed8103ee719a8e8f0b23208b948f62020c7050f0d0b3
                                                                                                                                                                              • Instruction ID: 5f1aa1d7b46746fdc5b384983f1b7f7d76d94a8440247af7154f0c7c18750ce5
                                                                                                                                                                              • Opcode Fuzzy Hash: 01b4ebd5f042ebb0c064ed8103ee719a8e8f0b23208b948f62020c7050f0d0b3
                                                                                                                                                                              • Instruction Fuzzy Hash: 7CE1D77290866395EB688A39844437DA7A1EB06B48F144276CF7D873D5FF39E842E309
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c1ab2d779eaba6c8c7dfe1f1897cbaafb481f92d9821034868eb03f3a2409d90
                                                                                                                                                                              • Instruction ID: 5ea9434c77c396d434a5a6cb9895678c377954fccde570823384e02b5f5df9ea
                                                                                                                                                                              • Opcode Fuzzy Hash: c1ab2d779eaba6c8c7dfe1f1897cbaafb481f92d9821034868eb03f3a2409d90
                                                                                                                                                                              • Instruction Fuzzy Hash: 73D1D432A0866692EB788F35800057DB3A0FB46B48F544276DE6D877D4FF2CD842E748
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 25ae5f151df0c1ba02c4360836bc34a0f79240637f1c4d1dc95a112454dbe016
                                                                                                                                                                              • Instruction ID: 8a31626b5f5386a8f36f8a145be214d08cb85b8da0b02e3c7f5053d04ee254e5
                                                                                                                                                                              • Opcode Fuzzy Hash: 25ae5f151df0c1ba02c4360836bc34a0f79240637f1c4d1dc95a112454dbe016
                                                                                                                                                                              • Instruction Fuzzy Hash: 6AD1E772A0866696EB388F35801067DE3A1EF06B48F540176CE6D977D5EF3DE842E348
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8c8bf80d24b1585ea17529d93ee93efcec8c0fed6d1a39070f5825dee488f3f0
                                                                                                                                                                              • Instruction ID: 02eaac8cf9a70a4b42cdb168ef583326b2127ae12d2b0e17e85a72679d98307d
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c8bf80d24b1585ea17529d93ee93efcec8c0fed6d1a39070f5825dee488f3f0
                                                                                                                                                                              • Instruction Fuzzy Hash: 69C1C2722142E04BD399EB29E45947A37E0F7C8319BD8402BEB8B87BC6DA3CE455D711
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 145553e4eb520b9c4327cd244bf3735e6a69e68fb6006d4d8b81bdfca1e62c0f
                                                                                                                                                                              • Instruction ID: 6a6360de033e5ba6b9c7b89839a729af31f395bd4470205460c0afa8c1800c4c
                                                                                                                                                                              • Opcode Fuzzy Hash: 145553e4eb520b9c4327cd244bf3735e6a69e68fb6006d4d8b81bdfca1e62c0f
                                                                                                                                                                              • Instruction Fuzzy Hash: A9B1C272A08752C5E7648F39C05027CBBA0EB06B48F184176DE5E873D9EF39D480EB48
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: adcc09fd6b79e9e3f02851d2afca0750a49ee1777a1ce42f3f6beceed93d6895
                                                                                                                                                                              • Instruction ID: a04a7b3221b4f603dfc4e7f121facde47533d1b3974eb5870d7c60774cf22efe
                                                                                                                                                                              • Opcode Fuzzy Hash: adcc09fd6b79e9e3f02851d2afca0750a49ee1777a1ce42f3f6beceed93d6895
                                                                                                                                                                              • Instruction Fuzzy Hash: 8BB1A176A087858AE7658F39C45013CBBA0E707F58F2801B9CA6E873D5EF39D441EB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4013c44f973f1f1ce609df18204cccaeace5f86398c0733acef99e0fa5c9e84d
                                                                                                                                                                              • Instruction ID: 8228d475b835d61cde1dbcd0efd440a78280d3bec585393629140d78874624c8
                                                                                                                                                                              • Opcode Fuzzy Hash: 4013c44f973f1f1ce609df18204cccaeace5f86398c0733acef99e0fa5c9e84d
                                                                                                                                                                              • Instruction Fuzzy Hash: B881C372A0878146EB74CF299440379AA90FB977D4F144275DAAD87BC9EF3ED4009B04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 91676e2c6819f2125a1fdcdf1d499c76ba6867f36b41da1b0312bc2d09b032fe
                                                                                                                                                                              • Instruction ID: e6a28734e9624d2b2c6659ee65a3f6426fab6aa334c9d5a8467eaf289c683be9
                                                                                                                                                                              • Opcode Fuzzy Hash: 91676e2c6819f2125a1fdcdf1d499c76ba6867f36b41da1b0312bc2d09b032fe
                                                                                                                                                                              • Instruction Fuzzy Hash: BA51A272A0861283EB688E39D05423CA7A0EF56B58F140175CF69A77D8EF29EC81D344
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 819c452ceea6cdb6076674dadbf3522504ddf144b065b1f90e234d79c8fa8159
                                                                                                                                                                              • Instruction ID: d27f066a26c7b18e63bbb654e32bbf8fa539a9a2973e8b0a4aa6b24861a67557
                                                                                                                                                                              • Opcode Fuzzy Hash: 819c452ceea6cdb6076674dadbf3522504ddf144b065b1f90e234d79c8fa8159
                                                                                                                                                                              • Instruction Fuzzy Hash: 7B319732B18B4241E724DF35A44113DE6D5AF86BE0F144279EAAD93BEAEF3CD4119708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 685721b868abd79bb6039a7cb0fed6cfa8a4d2ca7c489b0716d2b85c066e7ea4
                                                                                                                                                                              • Instruction ID: c70ad8e8cc3a5faff70cd8728f0c9f04bc61f61a9eed71b909d953149129cc82
                                                                                                                                                                              • Opcode Fuzzy Hash: 685721b868abd79bb6039a7cb0fed6cfa8a4d2ca7c489b0716d2b85c066e7ea4
                                                                                                                                                                              • Instruction Fuzzy Hash: 8BF068717182958AEBB48F39A50263977D0F748384F40807ED59DC3B48DA3C90609F08
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 39a1a216b36ec4f1213f8b1959555be0810dbfbd84f05320a3a61314d1c7cd00
                                                                                                                                                                              • Instruction ID: 8e5dc67264d105059e3d11e0ec975f26e01cf62503a65cbaebf15f29a387a483
                                                                                                                                                                              • Opcode Fuzzy Hash: 39a1a216b36ec4f1213f8b1959555be0810dbfbd84f05320a3a61314d1c7cd00
                                                                                                                                                                              • Instruction Fuzzy Hash: 83A00125908902D0E744CB24E8660282221EF64305B4040B2D12E954E1AE2CA840E3A9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452F16
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452F55
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452F7A
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452F9F
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452FC7
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8452FEF
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8453017
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F845303F
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8453067
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                                              • Opcode ID: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                                              • Instruction ID: ee36e2d9237c6f1ed9c18af84b914ea35d6eff8e264f106c64a2f59a325b7aea
                                                                                                                                                                              • Opcode Fuzzy Hash: 6dac1c92e6f7fbc275b6c3ad7bc64d4d5fe1c3f7fabe1334cf705fcdd83ef4fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 48428575A1EB4391EB55CB38BC5427C23A1BF05780F8454B5C82E8A6E8FF7CA548B348
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF6F8456B8C
                                                                                                                                                                                • Part of subcall function 00007FF6F8451CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6F8456864,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F8451CD7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                                                                              • API String ID: 203985260-1562484376
                                                                                                                                                                              • Opcode ID: 0842c0beef0e3c2ea5268e0550be029ac5194c7db9c78ad409e32489faef06af
                                                                                                                                                                              • Instruction ID: c50609772879acd9aa3a9e7a2e462657b12bc9e5cbc6242ec6e46f8d484ad7b4
                                                                                                                                                                              • Opcode Fuzzy Hash: 0842c0beef0e3c2ea5268e0550be029ac5194c7db9c78ad409e32489faef06af
                                                                                                                                                                              • Instruction Fuzzy Hash: 0A415A31A0CB4282E721DB35AC5007E67A2BB84780F5445B5D96ECAAE5FF3CE505A708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                              • API String ID: 0-3659356012
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID: 0$f$p$p
                                                                                                                                                                              • API String ID: 3215553584-1202675169
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,00000000,?,00007FF6F846E65E,?,?,000001A41CE1C158,00007FF6F846A6C2,?,?,?,00007FF6F846A5BA,?,?,?,00007FF6F8465282), ref: 00007FF6F846E43F
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000,?,00007FF6F846E65E,?,?,000001A41CE1C158,00007FF6F846A6C2,?,?,?,00007FF6F846A5BA,?,?,?,00007FF6F8465282), ref: 00007FF6F846E44B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F84567BF
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F845680F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF6F8452D15,?,?,?,?,?,?), ref: 00007FF6F8456E61
                                                                                                                                                                                • Part of subcall function 00007FF6F8451CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6F8456864,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F8451CD7
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF6F8452D15,?,?,?,?,?,?), ref: 00007FF6F8456ED5
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                              • API String ID: 1717984340-27947307
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID: f$p$p
                                                                                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6F845C42A,?,?,?,00007FF6F845C11C,?,?,00000001,00007FF6F845BD39), ref: 00007FF6F845C1FD
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F845C42A,?,?,?,00007FF6F845C11C,?,?,00000001,00007FF6F845BD39), ref: 00007FF6F845C20B
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6F845C42A,?,?,?,00007FF6F845C11C,?,?,00000001,00007FF6F845BD39), ref: 00007FF6F845C235
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6F845C42A,?,?,?,00007FF6F845C11C,?,?,00000001,00007FF6F845BD39), ref: 00007FF6F845C27B
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6F845C42A,?,?,?,00007FF6F845C11C,?,?,00000001,00007FF6F845BD39), ref: 00007FF6F845C287
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00007FF6F8456D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8456D4A
                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6F84558EF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6F84555FF
                                                                                                                                                                              Strings
                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6F845565A
                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6F8455613
                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6F84555D6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                              • API String ID: 2001182103-3498232454
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8456D4A
                                                                                                                                                                                • Part of subcall function 00007FF6F8451CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6F8456864,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F8451CD7
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8456DD0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                              • API String ID: 1717984340-876015163
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AABF
                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AAD4
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AAF5
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AB22
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AB33
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AB44
                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F,?,?,?,00007FF6F84697C4), ref: 00007FF6F846AB5F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                              • Opcode ID: 25a38ad91bb89dfa904c6f75e80a85761cd8d9635167a062241b29f482f95994
                                                                                                                                                                              • Instruction ID: ec6bd2f667336efc35711e935c54eb170b177145e9e600f12596eae8d32e86bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 25a38ad91bb89dfa904c6f75e80a85761cd8d9635167a062241b29f482f95994
                                                                                                                                                                              • Instruction Fuzzy Hash: 21119021B18B8186E7508F62E854729B2A0FB98BE4F004274EE2EC77D4EF3CD4049788
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846AC37
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846AC6D
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846AC9A
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846ACAB
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846ACBC
                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF6F8465E11,?,?,?,?,00007FF6F846E2AF,?,?,00000000,00007FF6F846AD46,?,?,?), ref: 00007FF6F846ACD7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                              • Opcode ID: 350d3381df75217de83fe295925a68151ee2ddad552d6d9760b7a2b2b4f6f4a1
                                                                                                                                                                              • Instruction ID: 19e4cb674d65df14293bf04e8e52bd1d45e12266f4db6b096245989db17f742e
                                                                                                                                                                              • Opcode Fuzzy Hash: 350d3381df75217de83fe295925a68151ee2ddad552d6d9760b7a2b2b4f6f4a1
                                                                                                                                                                              • Instruction Fuzzy Hash: 55118E20B0DA424AF754EB315656139E2925F467B0F5447B4D93E877D6FE2CB401A318
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                                              • Opcode ID: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                                              • Instruction ID: e1831f414bb07db6cba13c123060d8bcc186f4e69ab5a7ff6478b49fb6147595
                                                                                                                                                                              • Opcode Fuzzy Hash: 950ae6828b2f61cd077b98b3d11d61ed14320742099c75916b852c21ec08a04d
                                                                                                                                                                              • Instruction Fuzzy Hash: 0B616E3290878286EB648F39944436C77A0FF55B88F148176DAAD8BBD5EF3CE450D708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                                                                              • Opcode ID: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                                              • Instruction ID: 60874db2991f46ea3f93e225065e4cd918ef3ceef5c287b0460d39f28a644c8e
                                                                                                                                                                              • Opcode Fuzzy Hash: 6900edcc1fa400eb38c1eb5f42e136e427448ac8628f1593a5b885d2bf070d95
                                                                                                                                                                              • Instruction Fuzzy Hash: 6F51A332A0970686DB15CF29E444A3D3795FB40B84F108574DA6A8BBC8FF38E941D70C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                              • Opcode ID: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                                              • Instruction ID: ae3f4db38786d7859abd36ed960cc4b5ef86c2fafd449654bfe47669591d9f08
                                                                                                                                                                              • Opcode Fuzzy Hash: f4d1d4ada2980999414c083bf883c8cbbe26688c97fecdee198fdf72bb517a28
                                                                                                                                                                              • Instruction Fuzzy Hash: 88F06261B1970281FB108F34E8453796360FF8A761F540676C57E856E4EF3CD048E718
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                              • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                              • Instruction ID: 66ad8ccbe7958b20b42d3ee602fdcc7ec1fdb1b71c8e0063216911de9f9e4689
                                                                                                                                                                              • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                              • Instruction Fuzzy Hash: 00115136F1CA0302F7641178D84637E1941AF54374F5846B6EA7FC66DABF2CA841A31C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846AD0F
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846AD2E
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846AD56
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846AD67
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA,?,?,?,?,?,00007FF6F8461866), ref: 00007FF6F846AD78
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                              • Opcode ID: 6e602241f4fbeb84288167af71264208fae41c8f15a3abb7f053b97777158cb8
                                                                                                                                                                              • Instruction ID: 92c78464627b4b36fb4190b2492bbb093d2ed21484bf267b0c66a93ceb768dad
                                                                                                                                                                              • Opcode Fuzzy Hash: 6e602241f4fbeb84288167af71264208fae41c8f15a3abb7f053b97777158cb8
                                                                                                                                                                              • Instruction Fuzzy Hash: D6117C20F0DA0241FB59EB35A552179D2926F467A0F5847B4E93E877D6FE2CF401A318
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F), ref: 00007FF6F846AB95
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F), ref: 00007FF6F846ABB4
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F), ref: 00007FF6F846ABDC
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F), ref: 00007FF6F846ABED
                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6F84727C7,?,?,?,00007FF6F846D060,?,?,00000000,00007FF6F846360F), ref: 00007FF6F846ABFE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                              • Opcode ID: 1cb6a6dae4bd41c08874ef0f5aefa99660f33371a35a9a691fd19695d899fdfc
                                                                                                                                                                              • Instruction ID: 2c0946076985c1e1e7924fb443cb3b68646e3e738e38ada329df534444190075
                                                                                                                                                                              • Opcode Fuzzy Hash: 1cb6a6dae4bd41c08874ef0f5aefa99660f33371a35a9a691fd19695d899fdfc
                                                                                                                                                                              • Instruction Fuzzy Hash: 42117C10E0DA0306FB58A731542317992825F43774F584BB4D93ECA3C2FE2CB801B368
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                              • Opcode ID: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                                              • Instruction ID: 511f7eeef8550199a0a54e05bc3e1bbba2f7b5b4ffb4415956f268d58358e2ef
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c5a14b365211e3e93dbed1b4a307768974a75985a14d7ac45fb1570d02ad6a4
                                                                                                                                                                              • Instruction Fuzzy Hash: E281D472E0C60B85FB648F789150278A7A0EB13759F5580B5CAA9D72D4FF2DF801B349
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                              • Opcode ID: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                                              • Instruction ID: 608012a56d83544d55b303a90fb193be05fa069e62059be2539d6db9c0696826
                                                                                                                                                                              • Opcode Fuzzy Hash: b811f9d035f1e051f4446d81a48ba224ae6f3274d3e91807cb4f46dd0d23d8c6
                                                                                                                                                                              • Instruction Fuzzy Hash: B8615933A09B458AE710CF69D0803AD77A0FB45B88F144275EE5D9BB99EF38E045C704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF6F84527A9,?,?,?,?,?,?), ref: 00007FF6F8452CE1
                                                                                                                                                                                • Part of subcall function 00007FF6F8451CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6F8456864,?,?,?,?,?,?,?,?,?,?,?,00007FF6F8451023), ref: 00007FF6F8451CD7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                              • API String ID: 2776309574-1977442011
                                                                                                                                                                              • Opcode ID: 69f9f38fb52e236f6fe3fafe9453d7a9ad04d6afb8ed0cf7924aed2a75b51a31
                                                                                                                                                                              • Instruction ID: a94511e932087e93cf0b1d3bb83627e1b801e28dc2ab123678afff0f2ba8b631
                                                                                                                                                                              • Opcode Fuzzy Hash: 69f9f38fb52e236f6fe3fafe9453d7a9ad04d6afb8ed0cf7924aed2a75b51a31
                                                                                                                                                                              • Instruction Fuzzy Hash: 8001A721B1D74255FB61EB38E8163BD1251AF487C4F400472D86ECA6CAFE5CE108E71C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                              • Opcode ID: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                                              • Instruction ID: 0de33a090061fdb2fc25754f4b39cc6ac9dc10bbf55ae4616d7039b65ce5cc53
                                                                                                                                                                              • Opcode Fuzzy Hash: 462450d4d902cffcc5a3d4bd936668fc75f0525f5455500ffb60ea8cc1aab69e
                                                                                                                                                                              • Instruction Fuzzy Hash: 55D11432B08A8589E710CFB9D4402AC77B1FB45B98B104272CE6ED7BD9EE38D456D744
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                                              • Opcode ID: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                                              • Instruction ID: c6b0117f76177dae51013cd30cd9195a50b967dab5c16d543831cd4611b54473
                                                                                                                                                                              • Opcode Fuzzy Hash: 8a406785a72c892738552bbb2d3a95dfeca04d9c4dd013807edb0ef2ae62de69
                                                                                                                                                                              • Instruction Fuzzy Hash: 7D51CD32E0C64286F7694E389D0537D6680EB60714F1B44B5CB3DCE2D6FE2DE880A759
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                              • String ID: ?
                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                              • Opcode ID: bce607ece9376f72a0087ebccefc344875d207fa92e37d697f16642748ff1bb3
                                                                                                                                                                              • Instruction ID: e5862e7e854107b8eef547d06f165e1e342fee46dd84a99b9a8c43a90f1bf027
                                                                                                                                                                              • Opcode Fuzzy Hash: bce607ece9376f72a0087ebccefc344875d207fa92e37d697f16642748ff1bb3
                                                                                                                                                                              • Instruction Fuzzy Hash: 85412822A0868242FB609B35E50137EA694EF91BA4F104275EFBC87AD5FF3CD481D704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F8468346
                                                                                                                                                                                • Part of subcall function 00007FF6F846A2B8: RtlReleasePrivilege.NTDLL(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2CE
                                                                                                                                                                                • Part of subcall function 00007FF6F846A2B8: GetLastError.KERNEL32(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2D8
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6F845A115), ref: 00007FF6F8468364
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastModuleNamePrivilegeRelease_invalid_parameter_noinfo
                                                                                                                                                                              • String ID: C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                                                              • API String ID: 1752791759-930001350
                                                                                                                                                                              • Opcode ID: e19e11296164cc5f5849ee78601b9a04ecc97558caa5d883e89eb0069fe35f22
                                                                                                                                                                              • Instruction ID: 1537057afb1aec388a27e7017700f0c116412a3090cc1d277a7f49933ed5c02a
                                                                                                                                                                              • Opcode Fuzzy Hash: e19e11296164cc5f5849ee78601b9a04ecc97558caa5d883e89eb0069fe35f22
                                                                                                                                                                              • Instruction Fuzzy Hash: AA418E32A08B5286EB24DF35D9410BDA7A4EF467C4B5440B6E96E83BC5FF3DE4819348
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                              • String ID: U
                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                              • Opcode ID: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                                              • Instruction ID: 7817b242e2e387823d619992b820eca8856f3e3314880bc4884cce878e3205d8
                                                                                                                                                                              • Opcode Fuzzy Hash: 35d1ba7b3e06cf66a9a63fc15f9cdb867b526454cddcb1cc7585018f3c01db52
                                                                                                                                                                              • Instruction Fuzzy Hash: E141B122A18A8182DB60CF25E4443AAB760FB99794F444031EE5DC7B98FF3CD401D758
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                              • String ID: :
                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                              • Opcode ID: c4c28fccba7696486555105089596d58065162c515a9f9b2cd0fe43e648118bb
                                                                                                                                                                              • Instruction ID: ce3c10767c22678ab0ea1f0ee188ec10d1cb370cb006b95e8395c7c30918f038
                                                                                                                                                                              • Opcode Fuzzy Hash: c4c28fccba7696486555105089596d58065162c515a9f9b2cd0fe43e648118bb
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D213432A0868181EB60CB25D00522EA3F1FF85B48FA18076DAAD836C0EF7CE9499744
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                              • String ID: csm
                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                              • Opcode ID: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                                              • Instruction ID: 1e10b046962111741d140d6e2c299f8def5c1eaa6047bb378b3c0271d024b58c
                                                                                                                                                                              • Opcode Fuzzy Hash: ed93e57f905e8d2c307eff59956c4c6cc3209cab66e14db4cfb89e499c7c97d1
                                                                                                                                                                              • Instruction Fuzzy Hash: 4F115E32A08B4182EB208F25F54026D7BA1FB88B84F184271EF9C4BB98EF3CD551CB04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.555688125.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.555670774.00007FF6F8450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555780672.00007FF6F847A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555846223.00007FF6F848D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555857989.00007FF6F849C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.555869206.00007FF6F849E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID: :
                                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                                              • Opcode ID: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                                              • Instruction ID: 75854458412d082e34cb1aae8b1d97e94eff7b3adb18de4ae3521b16627649ab
                                                                                                                                                                              • Opcode Fuzzy Hash: af30997fc9b2bda5339abb9cf150afc1d24e6460e7359128a80d95a47095e053
                                                                                                                                                                              • Instruction Fuzzy Hash: 66018622A1C20686F720AF70D45227EA360FF5A748F801475D5ADD6AD5FF3CE5059B18
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              • Associated: 00000007.00000002.555227326.0000000070A00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555823774.0000000070A98000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555833655.0000000070A99000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556122377.0000000070AF9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556197628.0000000070B22000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556210250.0000000070B28000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556222028.0000000070B2A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556231474.0000000070B2B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556243910.0000000070B2C000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556253992.0000000070B2F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strncmp$free$_errnofprintf$fputc$strchr$atoffclose$_time64getenvstrerror
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$*$*CODE:$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
                                                                                                                                                                              • API String ID: 1877277240-1732257083
                                                                                                                                                                              • Opcode ID: 08869ff62410ed530750503c75e088e77021f7996454e95b7b940fabeae3a752
                                                                                                                                                                              • Instruction ID: 9e1d1b8ada2dcebee2fe6bcc057d11c69bf52c235d1179b5613465b19a765894
                                                                                                                                                                              • Opcode Fuzzy Hash: 08869ff62410ed530750503c75e088e77021f7996454e95b7b940fabeae3a752
                                                                                                                                                                              • Instruction Fuzzy Hash: 42338B7171874ADAEB159B21FA1079D23A5FB88BC4F44422AD94E5B36CEF3CE509C312
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Invalid parameter, xrefs: 70A0E910
                                                                                                                                                                              • NULL code object, xrefs: 70A0EA7B
                                                                                                                                                                              • Check the restrict mode of module failed, xrefs: 70A0EB2B
                                                                                                                                                                              • Python interpreter is debug version, xrefs: 70A0E940
                                                                                                                                                                              • The runtime library doesn't support Super Mode, xrefs: 70A0E961
                                                                                                                                                                              • Loaded module __main__ not found in sys.modules, xrefs: 70A0EB9D
                                                                                                                                                                              • <frozen pyarmor>, xrefs: 70A0E6FC
                                                                                                                                                                              • The python version in runtime is different from the build time, xrefs: 70A0E8B1
                                                                                                                                                                              • Restore module failed, xrefs: 70A0EB01
                                                                                                                                                                              • The runtime library doesn't support Advanced Mode, xrefs: 70A0EA5D
                                                                                                                                                                              • ssO|i, xrefs: 70A0E770
                                                                                                                                                                              • This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0EB4F
                                                                                                                                                                              • Enable restrict mode failed, xrefs: 70A0EBC1
                                                                                                                                                                              • Got string from code object failed, xrefs: 70A0E7DC, 70A0E9F7
                                                                                                                                                                              • Check restrict mode of module failed, xrefs: 70A0EAD3
                                                                                                                                                                              • Incompatible core library, xrefs: 70A0EBE9
                                                                                                                                                                              • Marshal loads failed, xrefs: 70A0EB79
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strlenstrncmp
                                                                                                                                                                              • String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
                                                                                                                                                                              • API String ID: 1310274236-189690365
                                                                                                                                                                              • Opcode ID: c76b4630db5dba8b94918e888814963c6e56fdf8d1109c16338af8bbd98566b7
                                                                                                                                                                              • Instruction ID: e8202e0a391df97a66eca3d7aa74d733dc9f664c9cb6af039623d3c9ba643694
                                                                                                                                                                              • Opcode Fuzzy Hash: c76b4630db5dba8b94918e888814963c6e56fdf8d1109c16338af8bbd98566b7
                                                                                                                                                                              • Instruction Fuzzy Hash: 20D14E72B09B09D5EB15CF15F88035963B5F799B88F844226D90E87728EF7CE688E341
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free$malloc$memcpy
                                                                                                                                                                              • String ID: msghash != NULL$res != NULL$src/pk/pkcs1/pkcs_1_pss_decode.c
                                                                                                                                                                              • API String ID: 901724546-3276693071
                                                                                                                                                                              • Opcode ID: 6bf2a60d2b8e2298fcc0de14fd52a4906ceda266028a46616140561cf0e4d388
                                                                                                                                                                              • Instruction ID: b28f517f2e5c0fab0ea0a157fdc4e44a63067def5c3784860c86499e4b010f86
                                                                                                                                                                              • Opcode Fuzzy Hash: 6bf2a60d2b8e2298fcc0de14fd52a4906ceda266028a46616140561cf0e4d388
                                                                                                                                                                              • Instruction Fuzzy Hash: 611236B26082D086D323CB65E80575EFFA9F74B790FC6801AEA874764DDA7DD884CB01
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlWow64SetThreadContext.NTDLL ref: 70A70CF0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                                              • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                              • API String ID: 983334009-3743287242
                                                                                                                                                                              • Opcode ID: 92c065ca89abec1997848133b4d1076c9b5e49955e8ffd3d9a29227274912c27
                                                                                                                                                                              • Instruction ID: 2fc8b2a801552d3e1343ac4fbba029e5866327fdd9809e1ff4e8e36d5b005223
                                                                                                                                                                              • Opcode Fuzzy Hash: 92c065ca89abec1997848133b4d1076c9b5e49955e8ffd3d9a29227274912c27
                                                                                                                                                                              • Instruction Fuzzy Hash: E8F01535B18A48C9EB609B16FCA074A6360F39CB88F544225DA9D87774EF6CD709CB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: freemallocmemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3056473165-0
                                                                                                                                                                              • Opcode ID: 791c4f8927b015886fb24a50f2ab30a87ed52ce1407ff1ffaec066b77c2a18e9
                                                                                                                                                                              • Instruction ID: 3f854b4e0b4bd2c5154bee269f092218abfe356dd434d68adafe375f0becdec5
                                                                                                                                                                              • Opcode Fuzzy Hash: 791c4f8927b015886fb24a50f2ab30a87ed52ce1407ff1ffaec066b77c2a18e9
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E42A131605B58C6EB248B50EC91B6E2724F799B8AF51E236DA4EEB75CCF3CE5048341
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                                              • Opcode ID: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                                              • Instruction ID: aa8da1aeaea780748f41a768ffc28750ea4b182981b5f3e819527cc963b0e5ea
                                                                                                                                                                              • Opcode Fuzzy Hash: 89476163297b1986c36223162515cabc13cdfddbe3f763e035948e907b44b7ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE0EC70F1D60386E72CB7795C830BD51916F5A320FA002B5E23DC66C2ED2D7591776A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$_errno
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$3des$KUcZN872$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aLKRUcccZSN+8X702HKdGC2l$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                              • API String ID: 1566810575-3151966554
                                                                                                                                                                              • Opcode ID: be2183f0be4d287ce0b2e6b889ec4ed85b002e2031703eef5ca9ec935e113795
                                                                                                                                                                              • Instruction ID: c6d15e650cbbfc270a07c374445c2311c5310b700580a82d554581e20cfc369d
                                                                                                                                                                              • Opcode Fuzzy Hash: be2183f0be4d287ce0b2e6b889ec4ed85b002e2031703eef5ca9ec935e113795
                                                                                                                                                                              • Instruction Fuzzy Hash: 2FE38EB0B19712E9EB049B11F91079C23A5FB99BC4F844226D94E5B3A8DF3CF646C316
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 70A05FD0: getenv.MSVCRT ref: 70A06066
                                                                                                                                                                              • _errno.MSVCRT ref: 70A0DA91
                                                                                                                                                                                • Part of subcall function 70A0A7B0: strncmp.MSVCRT ref: 70A0A891
                                                                                                                                                                                • Part of subcall function 70A0A7B0: strchr.MSVCRT ref: 70A0A8A2
                                                                                                                                                                              • free.MSVCRT ref: 70A0DA6F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errnofreegetenvstrchrstrncmp
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                              • API String ID: 2166687660-2554675036
                                                                                                                                                                              • Opcode ID: c78a2fa8851f534af0ca4489e17584d93d8da82fec902f7d7bf618e961ec0e07
                                                                                                                                                                              • Instruction ID: f6921e39fbe2ea8bfa082a9b4ee5395fcf71dbb820493b4c50599c7430b0b608
                                                                                                                                                                              • Opcode Fuzzy Hash: c78a2fa8851f534af0ca4489e17584d93d8da82fec902f7d7bf618e961ec0e07
                                                                                                                                                                              • Instruction Fuzzy Hash: 1B31E671B2831699EF019B61F90179D63A1AB89BC4F844226ED4D1B76CEF3CF906C306
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$fputc$_errnofclosefreemallocmemcpy
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log$!
                                                                                                                                                                              • API String ID: 4098992662-152705595
                                                                                                                                                                              • Opcode ID: f4f11d98654f22f3108b67875ee014831f8f5b40bde045c54f5d2bc865fddc6d
                                                                                                                                                                              • Instruction ID: ce169459db75e4695f2d7c2963c1d399baeddfc44ec2600ce0a200b673199cc4
                                                                                                                                                                              • Opcode Fuzzy Hash: f4f11d98654f22f3108b67875ee014831f8f5b40bde045c54f5d2bc865fddc6d
                                                                                                                                                                              • Instruction Fuzzy Hash: E331B4517182819EEB159B36B950BAD6B70EF86BC8F484165DECD0736AEE2CF403C319
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free$memcmp$malloc
                                                                                                                                                                              • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                              • API String ID: 2896619906-237625700
                                                                                                                                                                              • Opcode ID: 8b93d59d99ff91baca5845845e3974536d7d8804b439aee4d47e74401a4a6e22
                                                                                                                                                                              • Instruction ID: 9f772e92b6d4e25c7928f97a1c5bce61baa1eefe74c7ef371a86ec995fe98713
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b93d59d99ff91baca5845845e3974536d7d8804b439aee4d47e74401a4a6e22
                                                                                                                                                                              • Instruction Fuzzy Hash: DBB18C722086848AD720CF51E54479EF7A5F389BC8F904229EE8A5BB1CDB7DE945CB40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                              • String ID: $@$@
                                                                                                                                                                              • API String ID: 896588047-3743272326
                                                                                                                                                                              • Opcode ID: ad2b5d174cbbaebff85b719ff44f08ee0dbd8e41e6a4b1a3aa829fbda9743842
                                                                                                                                                                              • Instruction ID: cee35e83c8d40c509c7011d4e926b2c1f3f4ee977901ab9e023c1a7fa3cdb22f
                                                                                                                                                                              • Opcode Fuzzy Hash: ad2b5d174cbbaebff85b719ff44f08ee0dbd8e41e6a4b1a3aa829fbda9743842
                                                                                                                                                                              • Instruction Fuzzy Hash: 2B413473F206608AEB224B16AC00B4D62A5B74DFB5F490326DE7A077D8EB7CD9408344
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free
                                                                                                                                                                              • String ID: in != NULL$key != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_free.c$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                              • API String ID: 1294909896-606996012
                                                                                                                                                                              • Opcode ID: 345e1e85bc99fd4ccadda85d5b8b9d09f9acffdda33ebabc54617d6b4f392224
                                                                                                                                                                              • Instruction ID: 286936b4738a7848b0615287925369aca64c1aa5b2c3a288379e50c106d8443a
                                                                                                                                                                              • Opcode Fuzzy Hash: 345e1e85bc99fd4ccadda85d5b8b9d09f9acffdda33ebabc54617d6b4f392224
                                                                                                                                                                              • Instruction Fuzzy Hash: B1221972208B85C6E760CF22E45478EB7A4F788B98F504126EE8E87B5CDF79D585CB40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free$strlenstrncmp
                                                                                                                                                                              • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                              • API String ID: 2569063720-2363144754
                                                                                                                                                                              • Opcode ID: bf566107312e63b26b986a86279860c8bd084a427222bd96483f8ebfae0187c2
                                                                                                                                                                              • Instruction ID: 57daabeed09556e80a5bddd4dce35138cf8524be36cbd361d1afad0cbb098257
                                                                                                                                                                              • Opcode Fuzzy Hash: bf566107312e63b26b986a86279860c8bd084a427222bd96483f8ebfae0187c2
                                                                                                                                                                              • Instruction Fuzzy Hash: D432ED72A09608D6EB15CB21FA4036D2766B749B88F404629CD0F4B7ACFB7CE985D701
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                              • API String ID: 0-3659356012
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                              • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                              • API String ID: 306872129-3913984646
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 70A334A2
                                                                                                                                                                              • in != NULL, xrefs: 70A334A9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                              • API String ID: 0-85593093
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$ContextCurrent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 195563550-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3058843127-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6F846BA5C,?,?,?,?,00000000,?,?,00007FF6F846BBB1), ref: 00007FF6F846BB08
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF6F846BA5C,?,?,?,?,00000000,?,?,00007FF6F846BBB1), ref: 00007FF6F846BB12
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlReleasePrivilege.NTDLL(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2CE
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6F84721CA,?,?,?,00007FF6F8472207,?,?,00000000,00007FF6F84726D8,?,?,00000000,00007FF6F847260B), ref: 00007FF6F846A2D8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6F846AD46,?,?,?,00007FF6F8469F0F,?,?,00000000,00007FF6F846A1AA), ref: 00007FF6F846E29D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                              • Opcode ID: 55520103505fb2b0f5347ec77b52210e5f6cab78dcb607584f853220d99b3cc2
                                                                                                                                                                              • Instruction ID: 718997596fe409d23c43e28f549ccab20ff1ae5dcb4ef59b1ee5d8ebc4f539c1
                                                                                                                                                                              • Opcode Fuzzy Hash: 55520103505fb2b0f5347ec77b52210e5f6cab78dcb607584f853220d99b3cc2
                                                                                                                                                                              • Instruction Fuzzy Hash: D9F01CB033603086EB330522C700F6C26E85F06790E7A410A99164EEECE55FC685AF4E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: feaaaa0cf51caa3f99b8a002e9c14e1708ff5625ace8c5f16572cee7fcd3e753
                                                                                                                                                                              • Instruction ID: cbaeaf6c6e5f43d82b82c2969cc58d8f7f5016185a0d7430ba8a2f7ee5861c2d
                                                                                                                                                                              • Opcode Fuzzy Hash: feaaaa0cf51caa3f99b8a002e9c14e1708ff5625ace8c5f16572cee7fcd3e753
                                                                                                                                                                              • Instruction Fuzzy Hash: C3F0EC60F06201CEF7156B726E42B1D11A16FAC344F90F538E409C129CE72CF584CB51
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00007FF6F8456D10: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6F8456D4A
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,?,00000000,00007FF6F84522BE,?,?,?,?), ref: 00007FF6F8456293
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.566149788.00007FF6F8451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F8450000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_7ff6f8450000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                                              • Opcode ID: 70d12eb4fd24d3ceb0c658345bc0722639d50d669a4c9afc8c75a08057651af4
                                                                                                                                                                              • Instruction ID: 8674cbfb4d134efe7005b3f5cded9445408d23438ab9753659d15a581a212370
                                                                                                                                                                              • Opcode Fuzzy Hash: 70d12eb4fd24d3ceb0c658345bc0722639d50d669a4c9afc8c75a08057651af4
                                                                                                                                                                              • Instruction Fuzzy Hash: 64E08622B1818542DB189B77E50647EA251EF48BC0B589435DE1D87795ED3CD4914B04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                              • Opcode ID: ad683bb627b7ab02320f166490d90dff12a04f907f4fe6b01c8a673c6386ec2c
                                                                                                                                                                              • Instruction ID: 8064f0211f80f956083993993018be11ab48410aace7100781154c00130ccf7b
                                                                                                                                                                              • Opcode Fuzzy Hash: ad683bb627b7ab02320f166490d90dff12a04f907f4fe6b01c8a673c6386ec2c
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F9178B2720B9486DB558F26D04175D3BE5F709FD8F18421AEE8A1B39CDBB8C895C384
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                              • Opcode ID: 631a701d00fc529bd3a32dd3db007cb3e3e8974d07076f68e69fb64148f7bedd
                                                                                                                                                                              • Instruction ID: e0c39c528e15e1789dc8405bf6eb4f1b8e91efe10352138b44db58fda47a5f2d
                                                                                                                                                                              • Opcode Fuzzy Hash: 631a701d00fc529bd3a32dd3db007cb3e3e8974d07076f68e69fb64148f7bedd
                                                                                                                                                                              • Instruction Fuzzy Hash: 06F01D32649B5881EA158F41F45035EB764FB88BA0F884124DEC917B28DB38D592C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • free.MSVCRT(?,?,?,?,?,?,70A2FE60), ref: 70A32660
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                              • Opcode ID: 0ce7600af63b6781545d9a21129e7d61dd1c530cd41a66e420323fc634547caa
                                                                                                                                                                              • Instruction ID: e6fc7704c99e319dcaa6319212f6fa984a7cd92d9697d92f0d35d3a14dae0447
                                                                                                                                                                              • Opcode Fuzzy Hash: 0ce7600af63b6781545d9a21129e7d61dd1c530cd41a66e420323fc634547caa
                                                                                                                                                                              • Instruction Fuzzy Hash: 16E06D32A49B48C1DA10CF10F88025EB768FB88B98F980128EECE03728DB3CD591CB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • malloc.MSVCRT(?,?,0000027F021917D0,0000001B,70A7397D,0000027F021917D0,?,?,70A763A5,?,70A996E0,00000000,70A70998), ref: 70A70F6F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                              • Opcode ID: 1c8bdaffa960dfd775ff7fe1b80783ca916ac178948a71f1648bfeba0ed92fb6
                                                                                                                                                                              • Instruction ID: c06845344927dd6f3f8a447f7d926b4fa5ab7602ccac4f79e03a75aa26130cca
                                                                                                                                                                              • Opcode Fuzzy Hash: 1c8bdaffa960dfd775ff7fe1b80783ca916ac178948a71f1648bfeba0ed92fb6
                                                                                                                                                                              • Instruction Fuzzy Hash: 61D02262B8BA1181C50D8B533C402AC85866B4DBE0E08C0309E8C57304EC2C80834300
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                              • Opcode ID: 9287e08c20975ed3c19586d29dd955b81908fc052125fea48543a92b48a8a35e
                                                                                                                                                                              • Instruction ID: 37ad8e1b3b36a6959367083b20d05beb5750edcd6c0f735069558d2b0438d4bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 9287e08c20975ed3c19586d29dd955b81908fc052125fea48543a92b48a8a35e
                                                                                                                                                                              • Instruction Fuzzy Hash: 43C08CA6A13A00C1FF198BB2FC503383220AF5CF05F189010CE0A463408F2C90D18701
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • _snprintf.MSVCRT ref: 70A2282C
                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 70A22860
                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A2287A
                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 70A228F4
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A2290A
                                                                                                                                                                              • _snprintf.MSVCRT ref: 70A22947
                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 70A22974
                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A22995
                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A229A4
                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 70A229EC
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A22A05
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A22A0A
                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 70A22A14
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A22A36
                                                                                                                                                                                • Part of subcall function 70A224D0: GetLastError.KERNEL32 ref: 70A224D4
                                                                                                                                                                                • Part of subcall function 70A224D0: FormatMessageA.KERNEL32 ref: 70A22505
                                                                                                                                                                                • Part of subcall function 70A224D0: LocalFree.KERNEL32 ref: 70A22526
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                              • String ID: /%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d$platforms/windows/hdinfo.c
                                                                                                                                                                              • API String ID: 1119308327-2400754906
                                                                                                                                                                              • Opcode ID: cdc5ca99754b0ed8af1e0c1fc3391b6fed3b1e63f17cefb8642155568022127a
                                                                                                                                                                              • Instruction ID: 78b29783421bd9483aabc46b8ce1290c77c7cf321ccdab8d0dbf543897946013
                                                                                                                                                                              • Opcode Fuzzy Hash: cdc5ca99754b0ed8af1e0c1fc3391b6fed3b1e63f17cefb8642155568022127a
                                                                                                                                                                              • Instruction Fuzzy Hash: FA51E131704A808AE7249F22F914B4B7764F788BE4F444325AE5E4BBD8CF7CC6068704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                              • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                              • API String ID: 2355516209-72258043
                                                                                                                                                                              • Opcode ID: 30f747ad7a7eb893f58eb9baf259ccbdc94368a5531370d9905ee84ac7e1ee0b
                                                                                                                                                                              • Instruction ID: 0d7b3137eaeb007d479d6924609eaa03627adb4b49fa2c675c148a31f9b832b7
                                                                                                                                                                              • Opcode Fuzzy Hash: 30f747ad7a7eb893f58eb9baf259ccbdc94368a5531370d9905ee84ac7e1ee0b
                                                                                                                                                                              • Instruction Fuzzy Hash: 22513672218B8095E701CB22F84475FBBA6BBCA795F444225EE9A47B9DDF7CC508C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                              • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                              • API String ID: 2525729555-3762154145
                                                                                                                                                                              • Opcode ID: fc793f130eee9d6fe5856a492ae082c48102eab86eaee6756813012a7edc1188
                                                                                                                                                                              • Instruction ID: a8ec404c47e84b9e32cf0793c61425bd677adc6d0f6f02ad6f5924d66923671b
                                                                                                                                                                              • Opcode Fuzzy Hash: fc793f130eee9d6fe5856a492ae082c48102eab86eaee6756813012a7edc1188
                                                                                                                                                                              • Instruction Fuzzy Hash: F431F232708B4081E711CB66E84475EBAB5B78CBC0F804625DE8A8372CEF7DDA4AC340
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • platforms/windows/hdinfo.c, xrefs: 70A22687
                                                                                                                                                                              • Too small size, xrefs: 70A22680
                                                                                                                                                                              • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 70A225B7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesFree$Alloc
                                                                                                                                                                              • String ID: %02x:%02x:%02x:%02x:%02x:%02x$Too small size$platforms/windows/hdinfo.c
                                                                                                                                                                              • API String ID: 3314560173-3552495142
                                                                                                                                                                              • Opcode ID: 542046e599156e828d7f4f9cdf4c090b56c29f6628748238c11a617c781fcf51
                                                                                                                                                                              • Instruction ID: adc38e0a36bc108657f6ab604fd605db90014fb713c36f7ad70899483e02aae4
                                                                                                                                                                              • Opcode Fuzzy Hash: 542046e599156e828d7f4f9cdf4c090b56c29f6628748238c11a617c781fcf51
                                                                                                                                                                              • Instruction Fuzzy Hash: 3831F6226082919ED710DBBAF910B2E7BA1F789B95F484236BD598379CDF3CD504DB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Free$AdaptersAddressesAllocmemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3510192139-0
                                                                                                                                                                              • Opcode ID: d2da9af87d846cd1c589f1e7d865ef595ba3dcf19010ff1e0370907bd33b5295
                                                                                                                                                                              • Instruction ID: 458859146df9df8e722937a6f6652994330ec62641a27ba8f336e36acaa7ef1c
                                                                                                                                                                              • Opcode Fuzzy Hash: d2da9af87d846cd1c589f1e7d865ef595ba3dcf19010ff1e0370907bd33b5295
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B3104227145919ED701EB6AF900F5E23A6A789BD5F888139EE0E87B18DF38C941C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlCaptureContext.KERNEL32 ref: 70A95394
                                                                                                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 70A953AB
                                                                                                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 70A953ED
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 70A95431
                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 70A9543E
                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 70A95444
                                                                                                                                                                              • TerminateProcess.KERNEL32 ref: 70A95452
                                                                                                                                                                              • abort.MSVCRT ref: 70A95458
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4278921479-0
                                                                                                                                                                              • Opcode ID: 38f15871d2c854c23405dd6262a20182c3bbfa91e52b680f2e394a1181f99296
                                                                                                                                                                              • Instruction ID: 9fbf7b8e9ebe23eaa7d49609bebf5e78dcff67f58d670e554323d142bdd2cea8
                                                                                                                                                                              • Opcode Fuzzy Hash: 38f15871d2c854c23405dd6262a20182c3bbfa91e52b680f2e394a1181f99296
                                                                                                                                                                              • Instruction Fuzzy Hash: 3021F371A19B00D9EB009B65FC9079933A4FB1CB84F54422AD94E97728EF3CE659C704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: freememcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3223336191-0
                                                                                                                                                                              • Opcode ID: c97b40910d2df708959fe4fbd25dc214b13ab7a87ad39e6b7aa7696f48bc134c
                                                                                                                                                                              • Instruction ID: e6c9761d233015bb53eb81191f737d25446d12432f865c4322a4ad81bab5a319
                                                                                                                                                                              • Opcode Fuzzy Hash: c97b40910d2df708959fe4fbd25dc214b13ab7a87ad39e6b7aa7696f48bc134c
                                                                                                                                                                              • Instruction Fuzzy Hash: F451E3727182488AE720DF25F94179EB3A0FB45BD4F584126EE4A97B68EB3CD941CB04
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: freememcpy
                                                                                                                                                                              • String ID: code$obfmode.c
                                                                                                                                                                              • API String ID: 3223336191-930819804
                                                                                                                                                                              • Opcode ID: d1464dcc8e0fe268a4a2c4501067811ac185ddd0207d56e9f1d4031a7e60b13e
                                                                                                                                                                              • Instruction ID: 6d99e43c4c39d4b7d73b4afd8a3a486c73782635fb562a4f4ca258d941a8b4c3
                                                                                                                                                                              • Opcode Fuzzy Hash: d1464dcc8e0fe268a4a2c4501067811ac185ddd0207d56e9f1d4031a7e60b13e
                                                                                                                                                                              • Instruction Fuzzy Hash: BAF16B72608B49DAEB11CF25F58035A73B5F789B84F548216DA4E97B6CEB3CE941CB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: in != NULL$out != NULL$outlen != NULL$src/misc/base64/base64_decode.c
                                                                                                                                                                              • API String ID: 0-942433653
                                                                                                                                                                              • Opcode ID: a1de569a620ad6ff2f642f603163c984532097288b5ba575777088c551e4dda7
                                                                                                                                                                              • Instruction ID: e60192b28be501d8954a71bf973623ecc9666a3dbc64f14321bf5c3566e74413
                                                                                                                                                                              • Opcode Fuzzy Hash: a1de569a620ad6ff2f642f603163c984532097288b5ba575777088c551e4dda7
                                                                                                                                                                              • Instruction Fuzzy Hash: 0192677391C6C887D307CE24A86435E7A22A3D6357F898234EF071B39AE279DE59C351
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: aaa936f450e0f3f2617054bbf92e3b1eb155860729415d7dd4d522b3eeb6c5f3
                                                                                                                                                                              • Instruction ID: fd78f73fd857ad01888a3b82d4976e574b0f55c983f5049707155319d51e2956
                                                                                                                                                                              • Opcode Fuzzy Hash: aaa936f450e0f3f2617054bbf92e3b1eb155860729415d7dd4d522b3eeb6c5f3
                                                                                                                                                                              • Instruction Fuzzy Hash: ED110A72629240CFE3A09F08E880B1BB6A0E384755F10A125F69ACB7A9D7BCD944CF40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0c90b33fd82a3f94b6a2489b1998551afa574cf31df80a665c270717c1f455e3
                                                                                                                                                                              • Instruction ID: e9621649b03cd55aaeb521e234a02e159f3a167dc310da12043a462b0f979cca
                                                                                                                                                                              • Opcode Fuzzy Hash: 0c90b33fd82a3f94b6a2489b1998551afa574cf31df80a665c270717c1f455e3
                                                                                                                                                                              • Instruction Fuzzy Hash: E1A0021785DC10C1D6100B00D821B615128F31A340F14A1304018994118B2D92026504
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fprintfstrerror$fclosefputc$fwrite
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$inbuf$pytransform.log
                                                                                                                                                                              • API String ID: 3108438096-3708888661
                                                                                                                                                                              • Opcode ID: a55d836d327e1af174a548d8b552348d7f06c546fdb5a134832f79d2b8d03740
                                                                                                                                                                              • Instruction ID: 8fa3ec4edb807e7096d6f92c165c0945545b6d6b1b146ac59512dc101ca6a1b1
                                                                                                                                                                              • Opcode Fuzzy Hash: a55d836d327e1af174a548d8b552348d7f06c546fdb5a134832f79d2b8d03740
                                                                                                                                                                              • Instruction Fuzzy Hash: CEF19EA0B19755DAEA049B22F91075D23A1BB89BC4F84422ADD0E5B76CEF7CF506C306
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fprintf$fclosefputc$freefseekmallocstrrchr
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$.pye$__file__$__main__$_pytransform.c$pytransform.log
                                                                                                                                                                              • API String ID: 1013380922-457461209
                                                                                                                                                                              • Opcode ID: dbe8650d955cea3bfdfe7b1170a59403f0189555c1a0e8e96ad844418eb22c9c
                                                                                                                                                                              • Instruction ID: c214cab25dc08cb896b5134ca0eb39040fb7e6a18611103d7a92f9e82fd673cf
                                                                                                                                                                              • Opcode Fuzzy Hash: dbe8650d955cea3bfdfe7b1170a59403f0189555c1a0e8e96ad844418eb22c9c
                                                                                                                                                                              • Instruction Fuzzy Hash: F6D18F70B19716DAEA059B16E910B9D2371BB88BC4F844229DD0E5B36CEF7CF946C306
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fprintf$fclosefputc$freadfreemalloc
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$KUcZN872$_pytransform.c$aLKRUcccZSN+8X702HKdGC2l$pytransform.log
                                                                                                                                                                              • API String ID: 957815278-1234974604
                                                                                                                                                                              • Opcode ID: 113a7fd615a508826ea725e46f729d4340f5fa30128325bfc840362b6842d118
                                                                                                                                                                              • Instruction ID: 01351576caccf2c462e61d9669d9f1e009ce352a321ab7897783774ddeef12f9
                                                                                                                                                                              • Opcode Fuzzy Hash: 113a7fd615a508826ea725e46f729d4340f5fa30128325bfc840362b6842d118
                                                                                                                                                                              • Instruction Fuzzy Hash: 7DC1B2A0719342D9EA059B12EA10BAD2366FB89BC5F84422ADD0E5776CDF3CF546C307
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A231DE
                                                                                                                                                                                • Part of subcall function 70A22E60: strlen.MSVCRT ref: 70A22E83
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A23217
                                                                                                                                                                              • fputc.MSVCRT ref: 70A23249
                                                                                                                                                                                • Part of subcall function 70A22540: GetAdaptersAddresses.IPHLPAPI ref: 70A22571
                                                                                                                                                                                • Part of subcall function 70A22540: GetProcessHeap.KERNEL32 ref: 70A225ED
                                                                                                                                                                                • Part of subcall function 70A22540: HeapFree.KERNEL32 ref: 70A225F7
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A23278
                                                                                                                                                                                • Part of subcall function 70A22360: GetProcessHeap.KERNEL32 ref: 70A223B3
                                                                                                                                                                                • Part of subcall function 70A22360: HeapFree.KERNEL32 ref: 70A223BD
                                                                                                                                                                              • fputc.MSVCRT ref: 70A232AB
                                                                                                                                                                                • Part of subcall function 70A226B0: GetAdaptersAddresses.IPHLPAPI ref: 70A226E4
                                                                                                                                                                                • Part of subcall function 70A226B0: inet_ntoa.WS2_32 ref: 70A22725
                                                                                                                                                                                • Part of subcall function 70A226B0: GetProcessHeap.KERNEL32 ref: 70A22740
                                                                                                                                                                                • Part of subcall function 70A226B0: HeapFree.KERNEL32 ref: 70A2274A
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A232DA
                                                                                                                                                                              • fputc.MSVCRT ref: 70A232EE
                                                                                                                                                                                • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22AAB
                                                                                                                                                                                • Part of subcall function 70A22A90: HeapAlloc.KERNEL32 ref: 70A22ABF
                                                                                                                                                                                • Part of subcall function 70A22A90: GetNetworkParams.IPHLPAPI ref: 70A22AF7
                                                                                                                                                                                • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22B19
                                                                                                                                                                                • Part of subcall function 70A22A90: HeapFree.KERNEL32 ref: 70A22B23
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A2331D
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A2333E
                                                                                                                                                                              • strchr.MSVCRT ref: 70A2336B
                                                                                                                                                                              • fputc.MSVCRT ref: 70A23382
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A233A3
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A233CB
                                                                                                                                                                              • strchr.MSVCRT ref: 70A233D8
                                                                                                                                                                              • fprintf.MSVCRT ref: 70A233F9
                                                                                                                                                                              • fputc.MSVCRT ref: 70A23412
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A23433
                                                                                                                                                                              • malloc.MSVCRT ref: 70A2343D
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A237D7
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A237F8
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A23819
                                                                                                                                                                              • fwrite.MSVCRT ref: 70A2383A
                                                                                                                                                                              Strings
                                                                                                                                                                              • Failed to get mac address., xrefs: 70A237E3
                                                                                                                                                                              • Hardware informations got by PyArmor:, xrefs: 70A231C6
                                                                                                                                                                              • Serial number with disk name: , xrefs: 70A2338E
                                                                                                                                                                              • %02x:, xrefs: 70A236EE
                                                                                                                                                                              • Multiple Mac addresses: "<, xrefs: 70A2341E
                                                                                                                                                                              • Failed to get harddisk information., xrefs: 70A237C2
                                                                                                                                                                              • Ip address: "%s", xrefs: 70A232CD
                                                                                                                                                                              • Serial number of default harddisk: "%s", xrefs: 70A2320A
                                                                                                                                                                              • "%s", xrefs: 70A233AD, 70A233EC
                                                                                                                                                                              • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 70A23329
                                                                                                                                                                              • Failed to get domain name., xrefs: 70A23825
                                                                                                                                                                              • Default Mac address: "%s", xrefs: 70A2326B
                                                                                                                                                                              • Domain name: "%s", xrefs: 70A23310
                                                                                                                                                                              • >", xrefs: 70A23797
                                                                                                                                                                              • %02x, xrefs: 70A2374D
                                                                                                                                                                              • Failed to get ip address., xrefs: 70A23804
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$fwrite$fprintf$Processfputc$Free$AdaptersAddressesstrchr$AllocNetworkParamsinet_ntoamallocstrlen
                                                                                                                                                                              • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                              • API String ID: 558248371-3771683696
                                                                                                                                                                              • Opcode ID: 13c24b1e5b45a5fda5733edbbf2822c40defad475cb2179bab9c6ec0dfaa94dd
                                                                                                                                                                              • Instruction ID: ab2814ce4649bb32a0d5ad94461592e4eab04a3b78948e03f1eb92a38bb1a70f
                                                                                                                                                                              • Opcode Fuzzy Hash: 13c24b1e5b45a5fda5733edbbf2822c40defad475cb2179bab9c6ec0dfaa94dd
                                                                                                                                                                              • Instruction Fuzzy Hash: 3402DD72705B808ADB50CB26F54539E77A5EB8AB90F008229EF9E4B798DF3CD144C705
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              • Associated: 00000007.00000002.555227326.0000000070A00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555823774.0000000070A98000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555833655.0000000070A99000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556122377.0000000070AF9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556197628.0000000070B22000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556210250.0000000070B28000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556222028.0000000070B2A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556231474.0000000070B2B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556243910.0000000070B2C000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556253992.0000000070B2F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$_errno$strerror$fputc$fclose$_time64atoffreestrlenstrstr
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$*TIME:$license.c$pytransform.log
                                                                                                                                                                              • API String ID: 3204063161-4277730492
                                                                                                                                                                              • Opcode ID: cb050303a69b0c0ede515df855fc2f32b7e6e906ea1da2ffe09435c3ab5b4562
                                                                                                                                                                              • Instruction ID: 2126cfc1af72039f5c50a19794cc0658df879707cefd90488eb4f3660fde2bba
                                                                                                                                                                              • Opcode Fuzzy Hash: cb050303a69b0c0ede515df855fc2f32b7e6e906ea1da2ffe09435c3ab5b4562
                                                                                                                                                                              • Instruction Fuzzy Hash: D181E360B19742D9EB069B21E91075D23B6BB89BD4F444226D90E5B3A8EF3CF546C306
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errnomalloc
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$j > 0$protect.c$pytransform.log
                                                                                                                                                                              • API String ID: 2517923351-3883256839
                                                                                                                                                                              • Opcode ID: 1206d8eeb04db029207194b922365b630d7953b1941d65a438a5715048776f2d
                                                                                                                                                                              • Instruction ID: ff07d6d3b3f9b6b98854da9fc516575f118b90ff98d56f831fa1d945c1adf2f5
                                                                                                                                                                              • Opcode Fuzzy Hash: 1206d8eeb04db029207194b922365b630d7953b1941d65a438a5715048776f2d
                                                                                                                                                                              • Instruction Fuzzy Hash: 6881F7607197129ADB059B22E950B5D3361BB89BC4F844139ED4D8B36CEF7CF542C316
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$freemalloc
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$key != NULL$protect.c$pytransform.log
                                                                                                                                                                              • API String ID: 1860011666-3885171557
                                                                                                                                                                              • Opcode ID: 8a6e71b606a6edd9607f7985f67b0dd5e759139ac30054f9b6bbef360a315f23
                                                                                                                                                                              • Instruction ID: 509ea94fd3a3a3b0b0f5887046d1078b872c9f92159d09f6358ee19bded4a022
                                                                                                                                                                              • Opcode Fuzzy Hash: 8a6e71b606a6edd9607f7985f67b0dd5e759139ac30054f9b6bbef360a315f23
                                                                                                                                                                              • Instruction Fuzzy Hash: 4371C060719705D9EB059B22FE1076D23A6BB99BC4F84413AAD0E5B36CEF3CF5058326
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$freemallocstrerror
                                                                                                                                                                              • String ID: (OOO)$+F7unNMN$04U5w91r$3fvNMf9L$41qM08fu$4mLks8EO$Ew==$HERhc2hp$IFB5c2hp$IoHvpCe3$KUcZN872$RbgIUXyw$S8tSMMR7$UeQH2iY/$Wrap result failed$Xa2Z/Fdw$ZWxkIFBy$aGQGvX/a$aLKRUcccZSN+8X702HKdGC2l$b2plY3Ql$bmdzb2Z0$cDxn1XUJ$ej7tPRL6$fSis3Gx0$k6W630PQ$nc/WZrlr$oFj2UIkE$oVCzhcbp$p5dyeOAr$qNGCrKem$thDV3x4e
                                                                                                                                                                              • API String ID: 2349789213-433811109
                                                                                                                                                                              • Opcode ID: 624b173c16426899b52012b21411e58a9206184bed50c35cfa08abbcd4e2e186
                                                                                                                                                                              • Instruction ID: 78d8931315209e5107b875b6d3043ef45e632cbbc8eb1df4609bbf268d1bd2f7
                                                                                                                                                                              • Opcode Fuzzy Hash: 624b173c16426899b52012b21411e58a9206184bed50c35cfa08abbcd4e2e186
                                                                                                                                                                              • Instruction Fuzzy Hash: 9DB14976605B8889DBA4CF26B84074E77E9F788B84F54812ACF8D9BB18DF38D561C740
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errnofprintf$fputc$fclose
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                              • API String ID: 1597153534-2792274189
                                                                                                                                                                              • Opcode ID: 965f4bcb16246e92763e2d81b5dff386b5e097a7ed16ec24f2d3a33b0c55399c
                                                                                                                                                                              • Instruction ID: 1bb4ec97db281722209b1fc787afb349fad2dbd8202ebf2bd55b624b51c9fa52
                                                                                                                                                                              • Opcode Fuzzy Hash: 965f4bcb16246e92763e2d81b5dff386b5e097a7ed16ec24f2d3a33b0c55399c
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E919B60B19712E6EA05DB12E910B5D2375BB88BC4F845229ED0E5B36CDF3CFA468306
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclose$strerror
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                              • API String ID: 1803879104-71371975
                                                                                                                                                                              • Opcode ID: 912dc521261d1d4f2b0080924e4c6082783260cfc3a337a1380329dcac03b09c
                                                                                                                                                                              • Instruction ID: 805acb5b26305301531e3a2d65506f471216a2fdce9a8898db0420f220212266
                                                                                                                                                                              • Opcode Fuzzy Hash: 912dc521261d1d4f2b0080924e4c6082783260cfc3a337a1380329dcac03b09c
                                                                                                                                                                              • Instruction Fuzzy Hash: B47192A0B19745E9EF049B22FA14B5D2362BB99BC5F40422ADD0E1B368EF7CF505C316
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$free$mallocstrerrorstrlen$fclosefseek
                                                                                                                                                                              • String ID: Decode trial license failed$Format trial license file '%s'$Get current time failed$Invalid trial license file, size is %d != 256$Read trial license file '%s'$license.lic
                                                                                                                                                                              • API String ID: 1618752535-3017380149
                                                                                                                                                                              • Opcode ID: 1936a862ee83b1ee454f01741b40f85adc19cb991e2ac86d20caf95b855864bd
                                                                                                                                                                              • Instruction ID: 930a3c6776f156c1877515d5279a18ea7cf30e822b77bede63db8e56cd96778a
                                                                                                                                                                              • Opcode Fuzzy Hash: 1936a862ee83b1ee454f01741b40f85adc19cb991e2ac86d20caf95b855864bd
                                                                                                                                                                              • Instruction Fuzzy Hash: 88711371708646DADB01CB24F9117AD63B2FB88784F944225EA4E43BACEF7CE585C711
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                              • API String ID: 775964473-71371975
                                                                                                                                                                              • Opcode ID: e18e1272c58465955a0fb1316aa0f123a6dc247921916cb65b3e378ff617b6cb
                                                                                                                                                                              • Instruction ID: 443e8e53f564d145d799b1cf557eab261b3f419400f85a98dd2c72952ad08cc2
                                                                                                                                                                              • Opcode Fuzzy Hash: e18e1272c58465955a0fb1316aa0f123a6dc247921916cb65b3e378ff617b6cb
                                                                                                                                                                              • Instruction Fuzzy Hash: 4E5171A0719705E9EF049B52FA1476D23A6BB98BC5F40422ADD4D1B368EF7CF506C312
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$strerrorstrlen
                                                                                                                                                                              • String ID: %c%c%c%s$%c%s$%s%s$Could not generate license in trial version$Dashingsoft Pyshield Project$Encode buffer failed$Import rsa key failed$Sign hash failed$The size of serial number %d > 2048$The total size of serial number %d > 2560
                                                                                                                                                                              • API String ID: 427076510-1296519401
                                                                                                                                                                              • Opcode ID: 3393cfd4f85f525fd3c2912761e863e9d0301e2ce8f958a0513091c8e3cb3263
                                                                                                                                                                              • Instruction ID: 416187afce5d70c449ab116920cb23c18104a06d9d5715d4986e0b5d9e8f8a87
                                                                                                                                                                              • Opcode Fuzzy Hash: 3393cfd4f85f525fd3c2912761e863e9d0301e2ce8f958a0513091c8e3cb3263
                                                                                                                                                                              • Instruction Fuzzy Hash: 23C16F72608B8596D720DF11F95078EB3A5F788784F944126EA8E83B6CEF3CD545CB40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fclosefreadstrerror
                                                                                                                                                                              • String ID: Encode moudle key failed$Invalid public key %s$KUcZN872$Open public key %s failed$Wrap result failed$Write output %s failed$aLKRUcccZSN+8X702HKdGC2l
                                                                                                                                                                              • API String ID: 1423157237-3340988237
                                                                                                                                                                              • Opcode ID: 6acd97815793f0c0714dd68f9cc8becce5d138438797c3fd1ab971516a66c735
                                                                                                                                                                              • Instruction ID: 33515db0b70ae701f86a07a38838bd38b59afe21dddc52d46ba282719d696971
                                                                                                                                                                              • Opcode Fuzzy Hash: 6acd97815793f0c0714dd68f9cc8becce5d138438797c3fd1ab971516a66c735
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F51DF22B15746A5EA01DF52F91079E23A4FB89BC4F840126EE4E5776CEF3CE686C341
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • key/iv size is %d, it must be 32., xrefs: 70A1402A
                                                                                                                                                                              • %.0f, xrefs: 70A14090
                                                                                                                                                                              • KUcZN872, xrefs: 70A13EDF
                                                                                                                                                                              • Fail to write trial license file %s, xrefs: 70A13FA1
                                                                                                                                                                              • %s is not a legal public key, xrefs: 70A13ED2
                                                                                                                                                                              • Failed to encode trial license., xrefs: 70A14180
                                                                                                                                                                              • aLKRUcccZSN+8X702HKdGC2l, xrefs: 70A13EE6
                                                                                                                                                                              • This function is not included in trial version, xrefs: 70A13F2E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free$_errno_time64fclosefreadmallocstrlen
                                                                                                                                                                              • String ID: %.0f$%s is not a legal public key$Fail to write trial license file %s$Failed to encode trial license.$KUcZN872$This function is not included in trial version$aLKRUcccZSN+8X702HKdGC2l$key/iv size is %d, it must be 32.
                                                                                                                                                                              • API String ID: 710462250-3996822628
                                                                                                                                                                              • Opcode ID: 8370c22a6d36e53f8989102209b7d1a5f3cd16679098a3358a02e72c2067e321
                                                                                                                                                                              • Instruction ID: 964df151b8e8e220bf49e089259e60b8dd644538b9e4ba386c7f9c7078909683
                                                                                                                                                                              • Opcode Fuzzy Hash: 8370c22a6d36e53f8989102209b7d1a5f3cd16679098a3358a02e72c2067e321
                                                                                                                                                                              • Instruction Fuzzy Hash: EF612821B1574699DB11DB25E90179E63B4FB89B84F844222EE4E47B6CEF3CE586C300
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 70A04900: fseek.MSVCRT ref: 70A04954
                                                                                                                                                                                • Part of subcall function 70A04900: malloc.MSVCRT ref: 70A0496E
                                                                                                                                                                                • Part of subcall function 70A04900: fclose.MSVCRT ref: 70A049A3
                                                                                                                                                                              • _errno.MSVCRT ref: 70A0EC60
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errnofclosefseekmalloc
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$pytransform.log$utils.c
                                                                                                                                                                              • API String ID: 882899668-4272501623
                                                                                                                                                                              • Opcode ID: 00ab74ad02e025a31693e3314fb5883291eceee1359ff899981b4beb1bdb1360
                                                                                                                                                                              • Instruction ID: 7ff95dd6d7ef1c57135f4a5d2a50e3532d06407c11647e499c4f9fe7a73093cc
                                                                                                                                                                              • Opcode Fuzzy Hash: 00ab74ad02e025a31693e3314fb5883291eceee1359ff899981b4beb1bdb1360
                                                                                                                                                                              • Instruction Fuzzy Hash: 6441C361715209E9FA01DB52FE50BAD23A1BF98BC4F84422A9D0D573A8EF3CF505C305
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strdup$fclosefprintf
                                                                                                                                                                              • String ID: __armor%s__$__armor__$__armor_enter%s__$__armor_enter__$__armor_exit%s__$__armor_exit__$__armor_wrap%s__$__armor_wrap__$__pyarmor%s__$__pyarmor__$little$pytransform.log
                                                                                                                                                                              • API String ID: 2840409039-221964360
                                                                                                                                                                              • Opcode ID: 8df971dc2556e92d7f00076b5f4740f1aa481678c7a4da0365175499cdd3e438
                                                                                                                                                                              • Instruction ID: f15c05001ba333f1b7e9291657e74d480686af157944bf12f0423a5bcc00a5cb
                                                                                                                                                                              • Opcode Fuzzy Hash: 8df971dc2556e92d7f00076b5f4740f1aa481678c7a4da0365175499cdd3e438
                                                                                                                                                                              • Instruction Fuzzy Hash: 8451E261B19702E9FB118B61ED907992365BB487D8F84413ADD0E873A8DB3CF986C352
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fprintf$fclosestrerror
                                                                                                                                                                              • String ID: %s$%s,%d,%s$pytransform.log
                                                                                                                                                                              • API String ID: 190382524-2823618119
                                                                                                                                                                              • Opcode ID: 93a5a0c07d549ce71ee43f4bc77aef7159f97b429231196b3d5bb4582a56cfb0
                                                                                                                                                                              • Instruction ID: d19d642611ce647108502ef8c731c564c91e78096b704cae0a38ee823b592ef2
                                                                                                                                                                              • Opcode Fuzzy Hash: 93a5a0c07d549ce71ee43f4bc77aef7159f97b429231196b3d5bb4582a56cfb0
                                                                                                                                                                              • Instruction Fuzzy Hash: CC319F6171560299EA14AF12FD50F6C33A1BB89BC4F948139ED0D9B368DF6CF904C705
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: free$malloc$memcpy$memset
                                                                                                                                                                              • String ID: msghash != NULL$out != NULL$outlen != NULL$src/pk/pkcs1/pkcs_1_pss_encode.c
                                                                                                                                                                              • API String ID: 4204908464-4182795421
                                                                                                                                                                              • Opcode ID: 9b10a652bff3423ef1709995a8179b20814eb2d872843e9e2bc6c6477cd36927
                                                                                                                                                                              • Instruction ID: bc8ee3992a74ba7107c35ab1353fcb23de458d038c3bba864d6b844b455ae4b1
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b10a652bff3423ef1709995a8179b20814eb2d872843e9e2bc6c6477cd36927
                                                                                                                                                                              • Instruction Fuzzy Hash: BB91C07231868486DB61CB56E85576EF7A4F78ABC4F80411AEE8B97B2CDF38D445CB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(iii)$_pytransform.c$pytransform.log
                                                                                                                                                                              • API String ID: 775964473-1072082768
                                                                                                                                                                              • Opcode ID: 70661684ba1b26f9ab01d0a1dc81501ee04e80534cb4dd379aabe13916287f6b
                                                                                                                                                                              • Instruction ID: 5be3b13954aa4861e7396b24ac19b2420183732b2b47dc4903de0db726178dbc
                                                                                                                                                                              • Opcode Fuzzy Hash: 70661684ba1b26f9ab01d0a1dc81501ee04e80534cb4dd379aabe13916287f6b
                                                                                                                                                                              • Instruction Fuzzy Hash: 44316D60B29611A5EB049B25F911BA923A1BB98BC5F8442369D0D1B3A8DF3CF506C715
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                              • API String ID: 2918714741-2792274189
                                                                                                                                                                              • Opcode ID: da910fc67629ffbd093e54d7988a5d23c43f9099cce52fa61df74b39babf3782
                                                                                                                                                                              • Instruction ID: d101ad0d357833b7a55e9eb0dd126358c979390e200278e919f04a2ee92782be
                                                                                                                                                                              • Opcode Fuzzy Hash: da910fc67629ffbd093e54d7988a5d23c43f9099cce52fa61df74b39babf3782
                                                                                                                                                                              • Instruction Fuzzy Hash: E7418A61B1875596EB01DB12F84075D6775FB98BC4F804226EE8D07768EF3CE946C702
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosefreestrerror
                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$license.c$pytransform.log
                                                                                                                                                                              • API String ID: 1153345444-4157288542
                                                                                                                                                                              • Opcode ID: ffc7b84cf68f5d6564801d4922fabe33b1b8921e3d97d9bc228ab911f2538b19
                                                                                                                                                                              • Instruction ID: 59b2ad19078fdce73386e30f8942dac979d3965d47049c73e007880d6cfea187
                                                                                                                                                                              • Opcode Fuzzy Hash: ffc7b84cf68f5d6564801d4922fabe33b1b8921e3d97d9bc228ab911f2538b19
                                                                                                                                                                              • Instruction Fuzzy Hash: 52319160719702DAEE059B22EA1175D2365BB88BC4F44422ADD0D4B7ACEF3CF545C312
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileMessageModuleName_snwprintfmalloc
                                                                                                                                                                              • String ID: %ws$<unknown>$Assertion failed!Program: %wsFile: %ws, Line %uExpression: %ws$MinGW Runtime Assertion$j > 0$protect.c
                                                                                                                                                                              • API String ID: 2604804178-2804858100
                                                                                                                                                                              • Opcode ID: e2bf559391e743521dc8a6e036dc0fc3deba8de86e54a9e0aab31db30f7f717c
                                                                                                                                                                              • Instruction ID: 5787a52ffbc75a8637399529ff8c9b8e70a65f880686d386e60bd3ad021811dd
                                                                                                                                                                              • Opcode Fuzzy Hash: e2bf559391e743521dc8a6e036dc0fc3deba8de86e54a9e0aab31db30f7f717c
                                                                                                                                                                              • Instruction Fuzzy Hash: B721F13172961488EB019B11EA613AD22F9BF4CBC0F844139E94E573A8EF3CE641C388
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy$calloc$qsort
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3784193592-0
                                                                                                                                                                              • Opcode ID: 12a6f3119b432016642255551f627762e342c40e4508717d6cf25631e3e16e2c
                                                                                                                                                                              • Instruction ID: a8ec1e3f234de6d6990665c818d5027dc79e2da4feb304e1080aec3cd94cc6ec
                                                                                                                                                                              • Opcode Fuzzy Hash: 12a6f3119b432016642255551f627762e342c40e4508717d6cf25631e3e16e2c
                                                                                                                                                                              • Instruction Fuzzy Hash: 9AD134B2B152A08BC706CF11DC55A9EFBA6F74AB89FC64415EE470B308DB79E985C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                              • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                              • API String ID: 306872129-190324370
                                                                                                                                                                              • Opcode ID: d418d209bf1d2d60832fc1c8b5d77b7c4ce1732357dd89ead1756bf694410ec0
                                                                                                                                                                              • Instruction ID: 9984e4fd40495c354f216ec38a63e9e0e38cfc1ee22220bd7bb7dd72a4154ef6
                                                                                                                                                                              • Opcode Fuzzy Hash: d418d209bf1d2d60832fc1c8b5d77b7c4ce1732357dd89ead1756bf694410ec0
                                                                                                                                                                              • Instruction Fuzzy Hash: 49C19932608A81CADB60DF62E91479EA765F7C8BD6F414036EE8E97718EF78D844C740
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,70A01278), ref: 70A9588D
                                                                                                                                                                              Strings
                                                                                                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 70A95A0E
                                                                                                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 70A959FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                              • API String ID: 544645111-395989641
                                                                                                                                                                              • Opcode ID: 67276921af4edec6daa396d0bc490a36be5ef5f29907ee46fc5e4460ccf124c5
                                                                                                                                                                              • Instruction ID: c83cbbca61abc0343ffc357c7b21320b78f2b36ac401b92930a9324d27570f9a
                                                                                                                                                                              • Opcode Fuzzy Hash: 67276921af4edec6daa396d0bc490a36be5ef5f29907ee46fc5e4460ccf124c5
                                                                                                                                                                              • Instruction Fuzzy Hash: 1B91F631B302548AEF158775D98274D63E2BB4D7A4F948619CE1E877ACEA3DD981C30C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                              • String ID: 3des$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                              • API String ID: 1004003707-2898822856
                                                                                                                                                                              • Opcode ID: 17bda9a5e38040ede557d212e29a991edcc59bbe9c69e27a0e2e80992a905be9
                                                                                                                                                                              • Instruction ID: 1479c84d9f0e53a92b50dbddb3bc64bdaab9f095d159dea93e6e426f8b3a5c1d
                                                                                                                                                                              • Opcode Fuzzy Hash: 17bda9a5e38040ede557d212e29a991edcc59bbe9c69e27a0e2e80992a905be9
                                                                                                                                                                              • Instruction Fuzzy Hash: 6731666335228649DF15DA62A7A47BD6361FF88BC6F004139ED1F8F959EF18E509C310
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesFree$Allocinet_ntoa
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1708681428-0
                                                                                                                                                                              • Opcode ID: b98aee25327f76b748025f518f80e528aeb961a8c75e6496a976b9377e69ce13
                                                                                                                                                                              • Instruction ID: c3daa0c0a45f5abd77befb96f94072ea2ede413f78865f5b60c1b89ef6072f75
                                                                                                                                                                              • Opcode Fuzzy Hash: b98aee25327f76b748025f518f80e528aeb961a8c75e6496a976b9377e69ce13
                                                                                                                                                                              • Instruction Fuzzy Hash: 1021D3217186509AD7049BA6FD11B1E62A6BBCDB95F088235AD0D577A8DF38E5418B00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              • Associated: 00000007.00000002.555227326.0000000070A00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555823774.0000000070A98000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555833655.0000000070A99000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556122377.0000000070AF9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556197628.0000000070B22000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556210250.0000000070B28000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556222028.0000000070B2A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556231474.0000000070B2B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556243910.0000000070B2C000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556253992.0000000070B2F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3483679945-0
                                                                                                                                                                              • Opcode ID: 76efa96e1acd114793a94f8b7d214b5392da9615bece9c3d993956f0684706fd
                                                                                                                                                                              • Instruction ID: f001f7b95b3045b3e0a64c44733ca262071fd889bcad5d2c2ea1eb7a63568a38
                                                                                                                                                                              • Opcode Fuzzy Hash: 76efa96e1acd114793a94f8b7d214b5392da9615bece9c3d993956f0684706fd
                                                                                                                                                                              • Instruction Fuzzy Hash: A311571170160568DA14EBB3BD00B6E97922FCEBD5F488236AD2D973ACEE3CE5428310
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                              • String ID: <frozen %s$__init__.py
                                                                                                                                                                              • API String ID: 3418686817-1237021342
                                                                                                                                                                              • Opcode ID: bbc7994d83aee2c31e706521893ec7228d2d1d535aed39df0037f7a74b32eceb
                                                                                                                                                                              • Instruction ID: 872b417d666911d851596a35b7c82b46761c69ce0f78d2813fb695a20d09c74e
                                                                                                                                                                              • Opcode Fuzzy Hash: bbc7994d83aee2c31e706521893ec7228d2d1d535aed39df0037f7a74b32eceb
                                                                                                                                                                              • Instruction Fuzzy Hash: E0512A123056955AEF118F26E5007AD6771B789FC8F884425EE4E1778CFB7CD686C314
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: signal
                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                              • API String ID: 1946981877-1584390748
                                                                                                                                                                              • Opcode ID: 1d0cb62066153b77727612b7b50d8dcb26671ddbe4a430b0e696f3b5fff60354
                                                                                                                                                                              • Instruction ID: 47fed1c9436f48ea1437853e556a1def360e88535748a9ef0533c580238d3028
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d0cb62066153b77727612b7b50d8dcb26671ddbe4a430b0e696f3b5fff60354
                                                                                                                                                                              • Instruction Fuzzy Hash: 12314F307315044AFF5992B9456632D11E69B8E338F258629DA2BCB3FCED199DC0031E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • hash != NULL, xrefs: 70A2DCAE
                                                                                                                                                                              • src/misc/crypt/crypt_register_hash.c, xrefs: 70A2DCA7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                              • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                              • API String ID: 1475443563-1465673959
                                                                                                                                                                              • Opcode ID: 260e42ce48444bb2bd22005100616deab472049bb68104e6cd1f3f5cbce349f2
                                                                                                                                                                              • Instruction ID: 7cc980dc135ddb0b3a46b706f71e90c7739df354b158d60b3276b08ce6fafcc0
                                                                                                                                                                              • Opcode Fuzzy Hash: 260e42ce48444bb2bd22005100616deab472049bb68104e6cd1f3f5cbce349f2
                                                                                                                                                                              • Instruction Fuzzy Hash: 4061AE3330075486D714CB26E994B9E73A8F748BD8F118029DF8A87B68DF39E95AC354
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • prng != NULL, xrefs: 70A2DF06
                                                                                                                                                                              • src/misc/crypt/crypt_register_prng.c, xrefs: 70A2DEFF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                              • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                              • API String ID: 1475443563-58737364
                                                                                                                                                                              • Opcode ID: 459dcdc2fa02f87d4296b62e1ea01cad54d5515d110e42ce3730b2095f469880
                                                                                                                                                                              • Instruction ID: ec431e3f3a1f1c50b9758e5dda9c6ae3d57e5d08c281df82ef9f5edcf64f1df5
                                                                                                                                                                              • Opcode Fuzzy Hash: 459dcdc2fa02f87d4296b62e1ea01cad54d5515d110e42ce3730b2095f469880
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D518D33340A949AD710CF12EA84B9E7369FB98BC5F424039DF5A8B654EB38E549C710
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                              • API String ID: 1004003707-2030105502
                                                                                                                                                                              • Opcode ID: b2abfc6059d250dcdbdd5cb5cf3954ec282682f8af4ef2a9d8e4da86dc26cfe8
                                                                                                                                                                              • Instruction ID: d0371638aeb6a0958fd36a2c3fb3ab8718aea3d798e29509e3ec2371ee7f08c4
                                                                                                                                                                              • Opcode Fuzzy Hash: b2abfc6059d250dcdbdd5cb5cf3954ec282682f8af4ef2a9d8e4da86dc26cfe8
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E31956734268689DE15DB62A7E43BD6361EF89BC6F0041389E0B8F94DEB18E506C350
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • name != NULL, xrefs: 70A2D5A8
                                                                                                                                                                              • src/misc/crypt/crypt_find_cipher.c, xrefs: 70A2D5A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                              • API String ID: 1004003707-679692990
                                                                                                                                                                              • Opcode ID: 38309888a37da56a2906ed14cd3bc46d000e856524f8997045342d775a3ee526
                                                                                                                                                                              • Instruction ID: 57d97bd02e617bb078ea4ea57e64aa04c7a6596b90a23db098b8c4c37301e0e3
                                                                                                                                                                              • Opcode Fuzzy Hash: 38309888a37da56a2906ed14cd3bc46d000e856524f8997045342d775a3ee526
                                                                                                                                                                              • Instruction Fuzzy Hash: 1131B76334218649EF14DA52ABE07FD6361EFC87CAF0045389E0B8F94DEB24E905C354
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                              • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                              • API String ID: 2803490479-2931318352
                                                                                                                                                                              • Opcode ID: 02d60037626ff14fee06ab1391a7fbd59c47d3a2811eaeb27ea93e4f5c1fdd8c
                                                                                                                                                                              • Instruction ID: 62f09c8fb4ba796de6f823f5abf0b2a5c0274718124e9232830b081ee4fba419
                                                                                                                                                                              • Opcode Fuzzy Hash: 02d60037626ff14fee06ab1391a7fbd59c47d3a2811eaeb27ea93e4f5c1fdd8c
                                                                                                                                                                              • Instruction Fuzzy Hash: 065136337092944ADB26CB32AD0476EEF62EB49BC4F984118DE574BA0CEB39E905C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it, xrefs: 70A072FA
                                                                                                                                                                              • code, xrefs: 70A07457
                                                                                                                                                                              • lambda_, xrefs: 70A06E13
                                                                                                                                                                              • <lambda>, xrefs: 70A06DF0
                                                                                                                                                                              • obfmode.c, xrefs: 70A07450
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                              • String ID: <lambda>$The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it$code$lambda_$obfmode.c
                                                                                                                                                                              • API String ID: 3510742995-709486575
                                                                                                                                                                              • Opcode ID: 503032d764b40375dc8c4a7543e0c4219453fae51b0f939bca72a95dd7092d79
                                                                                                                                                                              • Instruction ID: 944573f31036e29d6e57291945717955bfa8a8e2e84d8052f6551d7903a13771
                                                                                                                                                                              • Opcode Fuzzy Hash: 503032d764b40375dc8c4a7543e0c4219453fae51b0f939bca72a95dd7092d79
                                                                                                                                                                              • Instruction Fuzzy Hash: F812C372F08A84C6EB11CB25F94476E77A1F789B94F508216EE4A47B6CEB3CD545CB00
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strlenstrstr
                                                                                                                                                                              • String ID: <lambda>$co_names$code$lambda_$obfmode.c
                                                                                                                                                                              • API String ID: 2393776628-2864150894
                                                                                                                                                                              • Opcode ID: 4298df55d908ae6b00c1bc4abce4757f28cf3a7f0bca63ceb2e4e976d9f295b4
                                                                                                                                                                              • Instruction ID: 5174a9ef9fe5e4dc51255108baa1c244eab3fc32d16ef77fe7032d1365121389
                                                                                                                                                                              • Opcode Fuzzy Hash: 4298df55d908ae6b00c1bc4abce4757f28cf3a7f0bca63ceb2e4e976d9f295b4
                                                                                                                                                                              • Instruction Fuzzy Hash: 9CB1BC62B19B88D5EB11CB22F94076D67A1FB49BC4F444216DE8E87B68EF3CE645C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              • Associated: 00000007.00000002.555227326.0000000070A00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555823774.0000000070A98000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.555833655.0000000070A99000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556122377.0000000070AF9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556197628.0000000070B22000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556210250.0000000070B28000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556222028.0000000070B2A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556231474.0000000070B2B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556243910.0000000070B2C000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000007.00000002.556253992.0000000070B2F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: in != NULL$key != NULL$out != NULL$outlen != NULL$src/pk/rsa/rsa_sign_hash.c
                                                                                                                                                                              • API String ID: 0-3034240082
                                                                                                                                                                              • Opcode ID: 10eeea08ac099e17582974fce6a9daa6a5009d53140328ab1c8eea3aa2f38b41
                                                                                                                                                                              • Instruction ID: 4456b59188f1691b94ac0d6f82a27fa2ea331e733a37cc94e0ce282ede889d3f
                                                                                                                                                                              • Opcode Fuzzy Hash: 10eeea08ac099e17582974fce6a9daa6a5009d53140328ab1c8eea3aa2f38b41
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F8148726086C48AD734CF11E594B9EB7A4F388784F90422AEE8A97B5CDB3DE544CF40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: sprintf$malloc
                                                                                                                                                                              • String ID: %s%s$', %d)$(__name__, __file__, b'$\x%02x$__pyarmor__
                                                                                                                                                                              • API String ID: 1197820334-965320081
                                                                                                                                                                              • Opcode ID: 4687728be1ff778a48328a2c8978a0cfa3d777edfe5f487b2d2bed73a5a8962d
                                                                                                                                                                              • Instruction ID: 17f8eabeeaebb658e161cbccb45316386a7e11430fe04fbbceef8e12ced14e52
                                                                                                                                                                              • Opcode Fuzzy Hash: 4687728be1ff778a48328a2c8978a0cfa3d777edfe5f487b2d2bed73a5a8962d
                                                                                                                                                                              • Instruction Fuzzy Hash: 8721F327B65619A6DB04CB16AE1079D2355FB4CBD8F848221DE4E93328EA3CF44BC300
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Address %p has no image-section, xrefs: 70A95749
                                                                                                                                                                              • VirtualProtect failed with code 0x%x, xrefs: 70A956EA
                                                                                                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 70A95738
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryVirtual
                                                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                              • API String ID: 1804819252-2123141913
                                                                                                                                                                              • Opcode ID: 4f020e01b341bace898f75bec590f55d9cc10b1bef5ba748662d257ba5edb19b
                                                                                                                                                                              • Instruction ID: 9274b2413f9a278cc1776aaad984eec909cb725b4ad131abdde4dcc0b6736b09
                                                                                                                                                                              • Opcode Fuzzy Hash: 4f020e01b341bace898f75bec590f55d9cc10b1bef5ba748662d257ba5edb19b
                                                                                                                                                                              • Instruction Fuzzy Hash: 3551BF76B21B40C6DB118F36E94279D77F1B748BA4F888225DE1E073A8DB38DA41C708
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _stat64$freemallocstrlen
                                                                                                                                                                              • String ID: <unknown>
                                                                                                                                                                              • API String ID: 2817875163-1574992787
                                                                                                                                                                              • Opcode ID: f68677aba16f54d8779b41a51b711177e66009717469d7e1e07c59a9924451ab
                                                                                                                                                                              • Instruction ID: cda43fdfdc26301d64b1cddae84ea05d977de089e3a0e5af88a0318a5aa49d91
                                                                                                                                                                              • Opcode Fuzzy Hash: f68677aba16f54d8779b41a51b711177e66009717469d7e1e07c59a9924451ab
                                                                                                                                                                              • Instruction Fuzzy Hash: C751CE6232969088DB11CF21915032E7BF6EF89BD4F54C016EAC607B5CE73EC849D749
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Internal buffer error$This function could not be called from the plain script$code$obfmode.c
                                                                                                                                                                              • API String ID: 0-1583419685
                                                                                                                                                                              • Opcode ID: 73f4f8264a89fe5d690a0e16f37ff7ad5cf5529bfb9f02f3703530f4fcab64c4
                                                                                                                                                                              • Instruction ID: bc497ab70437a1493618343c93e776d5b38f465a72e4a48d32615412fa8b1d3a
                                                                                                                                                                              • Opcode Fuzzy Hash: 73f4f8264a89fe5d690a0e16f37ff7ad5cf5529bfb9f02f3703530f4fcab64c4
                                                                                                                                                                              • Instruction Fuzzy Hash: CDA17C32A19A09E5EB15CF15F98436A3360F749B85F804216DE4E87B28EF3CDA85C700
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: sprintf$strlen
                                                                                                                                                                              • String ID: /%d:$No any serial number of harddisk got$platforms/windows/hdinfo.c
                                                                                                                                                                              • API String ID: 3793847852-3769243694
                                                                                                                                                                              • Opcode ID: 3a2ba334b1e53a30d99cff912c5635a5ae08b3b93a1053080f0b52ae43f6180b
                                                                                                                                                                              • Instruction ID: d5e8c916c6d8f894e49bf41f13f21fa1e6242f8206bd0003e7c0705a5ee6266d
                                                                                                                                                                              • Opcode Fuzzy Hash: 3a2ba334b1e53a30d99cff912c5635a5ae08b3b93a1053080f0b52ae43f6180b
                                                                                                                                                                              • Instruction Fuzzy Hash: 1031A263F190506DE7018A39FE103AD6722A7CABE2F588231DD26477DCD53D89D6C300
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fclose$freefseekmalloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1339445139-0
                                                                                                                                                                              • Opcode ID: 0438185e5e49c839246a124256d73464e3b9df2ccc03e78a2760095e16ece729
                                                                                                                                                                              • Instruction ID: ebf56b3dd9eb5082c7addbd7c0d0b507daa696bf7fff19d89a5f318a4546b021
                                                                                                                                                                              • Opcode Fuzzy Hash: 0438185e5e49c839246a124256d73464e3b9df2ccc03e78a2760095e16ece729
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B11A7527222150CEA69AB6B7F0236E42929F89BE1F0C4635BE5E4775CFC78A5818344
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                              • String ID: %s%c%s$\$license.lic
                                                                                                                                                                              • API String ID: 3157260142-3068191871
                                                                                                                                                                              • Opcode ID: a792ecc7a25332948dc4d55383739c2b2e31dc6dae9ef38d650a65a21372ad80
                                                                                                                                                                              • Instruction ID: 81c669a5276c4021c51a3705f84525ec7244f4d5615107f6c1cab23a112e2202
                                                                                                                                                                              • Opcode Fuzzy Hash: a792ecc7a25332948dc4d55383739c2b2e31dc6dae9ef38d650a65a21372ad80
                                                                                                                                                                              • Instruction Fuzzy Hash: C8F0242275634888ED12CB06FE0029DA7986F89BE4F8C41309E0E0776CFA3CE6868304
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                              • API String ID: 0-3192267683
                                                                                                                                                                              • Opcode ID: 3bb24804cf1c39e317c548d0a331157429b86853231f73e9cc6515b78eca8dbc
                                                                                                                                                                              • Instruction ID: 998ee52b6b36e58258165d10d2910a950db4739e62d88d72547ad8ff1f22cf79
                                                                                                                                                                              • Opcode Fuzzy Hash: 3bb24804cf1c39e317c548d0a331157429b86853231f73e9cc6515b78eca8dbc
                                                                                                                                                                              • Instruction Fuzzy Hash: 8631F4327042448AE7259B16F80075EAA65BB49BD8F844135EE4B4BBACEB3CE946C300
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 70A952E5
                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 70A952F0
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 70A952F9
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 70A95301
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 70A9530E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                              • Opcode ID: 71deaa8847ac07225c0b9a9975ff01b325f0ff8b50d971686cfb165e8d7fa5ce
                                                                                                                                                                              • Instruction ID: f3761bca60c6665eaf21dabe3c1515b7f0bc0244d165cda119bf1216d62064c8
                                                                                                                                                                              • Opcode Fuzzy Hash: 71deaa8847ac07225c0b9a9975ff01b325f0ff8b50d971686cfb165e8d7fa5ce
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B118C26B2AA1186FF104B25F80475963A0B74CBE1F4807359E9D47BA8DF3CE58A8704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                              • String ID: %s%c%s$\
                                                                                                                                                                              • API String ID: 3157260142-3534329225
                                                                                                                                                                              • Opcode ID: f74f7b581a21910225bc891f01ee44beb55433b0c2e3d87a6a68a14ffbb08c12
                                                                                                                                                                              • Instruction ID: a56ef2efd9655e9b67b9bd2a96483f142d409bec9570657dd2bbfcfe82ef5816
                                                                                                                                                                              • Opcode Fuzzy Hash: f74f7b581a21910225bc891f01ee44beb55433b0c2e3d87a6a68a14ffbb08c12
                                                                                                                                                                              • Instruction Fuzzy Hash: A8E092217513444DDD15DB06BA0025DB6845B89BD8F884134AD4E13B68EE3CF2898704
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: abortfwrite
                                                                                                                                                                              • String ID: '$illegal index register
                                                                                                                                                                              • API String ID: 1067672060-451399654
                                                                                                                                                                              • Opcode ID: 9e072f5a76ee76b5e23c663f7146494ba32bc955bd6e66b7ddc4fd7bd7db62ef
                                                                                                                                                                              • Instruction ID: c4c73163ca4511ecd9f23133aeb0b8fcb6c52a755dee99f73e836344a7d0caa2
                                                                                                                                                                              • Opcode Fuzzy Hash: 9e072f5a76ee76b5e23c663f7146494ba32bc955bd6e66b7ddc4fd7bd7db62ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 54918D73A19B85C4DB128F3DE89064C3BA5E399F88B9AD112CA4D47718CB7ED856C311
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Internal buffer error, xrefs: 70A10067
                                                                                                                                                                              • Invalid license, xrefs: 70A10017
                                                                                                                                                                              • This function could not be called from the plain script, xrefs: 70A10038
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _time64
                                                                                                                                                                              • String ID: Internal buffer error$Invalid license$This function could not be called from the plain script
                                                                                                                                                                              • API String ID: 1670930206-992726897
                                                                                                                                                                              • Opcode ID: 8f5478012960a087b17e483251a11bef36eed269b5a20717267066c89d0467ec
                                                                                                                                                                              • Instruction ID: ffb9c6a7a9d7fc9b9715c256910517946ad9987e26b53f77d39ad43e34d9fba7
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f5478012960a087b17e483251a11bef36eed269b5a20717267066c89d0467ec
                                                                                                                                                                              • Instruction Fuzzy Hash: 37414A32A09A0AD1EB119B25F89035D73A4FB89B94F544726DD0ED7B78EF3CE685C201
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • platforms/windows/hdinfo.c, xrefs: 70A22510
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                              • String ID: platforms/windows/hdinfo.c
                                                                                                                                                                              • API String ID: 1365068426-3843089204
                                                                                                                                                                              • Opcode ID: aa1f72af1f9256f694d27d04d8c1611766f73c4bae97df4e40b23cc10d957754
                                                                                                                                                                              • Instruction ID: 9c98c81a8e37215b12f25d9795779afe9e028b7157acaca63fb4e2ee4a39468b
                                                                                                                                                                              • Opcode Fuzzy Hash: aa1f72af1f9256f694d27d04d8c1611766f73c4bae97df4e40b23cc10d957754
                                                                                                                                                                              • Instruction Fuzzy Hash: C0F06D31608A41C2E710AB11E854B4A7771F3DDB85F604226EA8E43B68CF7DC24A8B40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • strlen.MSVCRT ref: 70A96743
                                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A9674D
                                                                                                                                                                              • strlen.MSVCRT ref: 70A96758
                                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A96762
                                                                                                                                                                              • free.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A967D9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: mallocstrlen$free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2585366504-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1015461914-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: freestrrchr
                                                                                                                                                                              • String ID: .pye
                                                                                                                                                                              • API String ID: 4178315289-4135401513
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • __iob_func.MSVCRT ref: 70A2D410
                                                                                                                                                                              • abort.MSVCRT(?,?,?,?,CA4587E7,70A2E01F,?,?,?,?,70A02A6C), ref: 70A2D431
                                                                                                                                                                              Strings
                                                                                                                                                                              • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 70A2D416
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __iob_funcabort
                                                                                                                                                                              • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                              • API String ID: 1307436159-2823265812
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$freestrlen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1041141762-0
                                                                                                                                                                              • Opcode ID: 541b3cefb45a6e4a8767c182a7c039580f588f189a8ca05b4e3c417e89734867
                                                                                                                                                                              • Instruction ID: 8a1f0eaab414182a10af46e19658e632a64742d618426c4e4557ceb8789737f3
                                                                                                                                                                              • Opcode Fuzzy Hash: 541b3cefb45a6e4a8767c182a7c039580f588f189a8ca05b4e3c417e89734867
                                                                                                                                                                              • Instruction Fuzzy Hash: 4DF0FF2270175449E728DB27BD41B1FAAD5BB8CBD8F484138AE8D43B68EF3CC5468304
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000007.00000002.555248797.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_7_2_70a00000_KuponcuBaba.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4020351045-0
                                                                                                                                                                              • Opcode ID: 81a428ebb9d41306c1eed1cc7743b46bab9b42e02f731671eacda80807a8cd86
                                                                                                                                                                              • Instruction ID: b8446c81e60ffb0577f0fc747a7d4a9b78ac1307dbeaf98736c5b9a10c5a5464
                                                                                                                                                                              • Opcode Fuzzy Hash: 81a428ebb9d41306c1eed1cc7743b46bab9b42e02f731671eacda80807a8cd86
                                                                                                                                                                              • Instruction Fuzzy Hash: 0B015A71B29600C2EF0ACB75E8D131923E5FB98B90F548625C90E87328EB3CEA85C304
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%