Windows Analysis Report
7zr.exe

Overview

General Information

Sample Name:7zr.exe
Analysis ID:1345995
MD5:58fc6de6c4e5d2fda63565d54feb9e75
SHA1:0586248c327d21efb8787e8ea9f553ddc03493ec
SHA256:72c98287b2e8f85ea7bb87834b6ce1ce7ce7f41a8c97a81b307d4d4bf900922b
Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Program does not show much activity (idle)

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • 7zr.exe (PID: 7192 cmdline: "C:\Users\user\Desktop\7zr.exe" -install MD5: 58FC6DE6C4E5D2FDA63565D54FEB9E75)
    • conhost.exe (PID: 7200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • 7zr.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\7zr.exe" /install MD5: 58FC6DE6C4E5D2FDA63565D54FEB9E75)
    • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • 7zr.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\7zr.exe" /load MD5: 58FC6DE6C4E5D2FDA63565D54FEB9E75)
    • conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: 7zr.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 7zr.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B665A1 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B671B5 __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC81E0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC41C8
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCC360
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BBC350
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BBC4B0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BD253A
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B78519
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B8E6A7
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BD2621
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BAC88D
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B7A87C
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BBA9C0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCE960
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BB6A00
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B7AA45
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCEB39
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC4B00
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B7CDBD
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC0D89
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC4E20
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC30A0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC3120
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC9160
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC7220
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCD260
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC5250
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BC13A0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B653C8
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BD1320
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BA9416
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCD410
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B6947F
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B615BB
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BBB540
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCD980
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B61AEA
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BAFB46
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BA3FD5
Source: C:\Users\user\Desktop\7zr.exe | Code function: String function: 00B61E89 appears 164 times
Source: C:\Users\user\Desktop\7zr.exe | Code function: String function: 00BCF140 appears 552 times
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B6801A __EH_prolog,GetFileInformationByHandle,DeviceIoControl,memcpy
Source: 7zr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7zr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\7zr.exe "C:\Users\user\Desktop\7zr.exe" -install
Source: C:\Users\user\Desktop\7zr.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\Desktop\7zr.exe "C:\Users\user\Desktop\7zr.exe" /install
Source: C:\Users\user\Desktop\7zr.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\Desktop\7zr.exe "C:\Users\user\Desktop\7zr.exe" /load
Source: C:\Users\user\Desktop\7zr.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B69032 _isatty,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B72A5F __EH_prolog,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7200:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7372:120:WilError_03
Source: 7zr.exe | String found in binary or memory: -help
Source: 7zr.exe | String found in binary or memory: Check charset encoding and -scs switch.bsobbbtbdba-helph?asut012sea0-pstlsdelsntsncsnrsnssnzsnonsnoisnisnlsnldsnhspfspespdspmsasscssesswsspslfsltsccscsslpsosishdscrcsemlsfxstmrvuanaxaiiwstxtaoadybspbse : ERROR : unsupported value -stmUnsupported switch postfix for -slp-Unsupported switch postfix -stmSet process affinity mask: SeLockMemoryPrivilegeUnsupported switch postfix -bbSeCreateSymbolicLinkPrivilegeSeRestorePrivilegeIncorrect number of benchmark iterationsOnly one archive can be created with rename commandstdout mode and email mode cannot be combined-ai switch is not supported for this commandUnsupported -snz:1Cannot use absolute pathnames for this command0Archive name cannot by emptyCannot find archive nameUnsupported -spm:2Unsupported -spf:2Unsupported command:The command must be specifiedThere is no second file name for rename pair:Unsupported rename command:-r0-rThe file operation error for listfileIncorrect wildcard type markerToo short switchinorrect switchtftdUnsupported Map data sizeMap data errorUnsupported Map dataMapViewOfFile errorCannot open mappingzero size last volume is not allowedIncorrect volume size:incorrect update switch commandUnsupported charset:P
Source: classification engine | Classification label: clean5.winEXE@6/3@0/0
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B68F71 DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCF140 push eax; ret 0_2_00BCF15E
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCF4C0 push eax; ret 0_2_00BCF4EE
Source: 7zr.exe | Static PE information: section name: .sxdata
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B9A7BC GetCurrentProcess,GetProcessTimes,fputs,memset,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,fputs,__aulldiv,fputs,fputs,__aulldiv,__aulldiv,fputs
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\7zr.exe | API coverage: 2.6 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B69823 GetSystemInfo
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCF920 cpuid
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00BCD230 GetVersion,GetModuleHandleW,GetProcAddress
Source: C:\Users\user\Desktop\7zr.exe | Code function: 0_2_00B6A540 GetSystemTimeAsFileTime
MITRE ATT&CK Matrix (number of matching signatures in parentheses; techniques without a count are the matrix's default placeholders with no matching signature):

  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Command and Scripting Interpreter (2); Native API (1); At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Access Token Manipulation (1); Process Injection (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Access Token Manipulation (1); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2)
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Time Discovery (1); File and Directory Discovery (2); System Information Discovery (15); System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
  • Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
  • Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Behavior Graph (ID: 1345995; Sample: 7zr.exe; Start date: 21/11/2023; Architecture: WINDOWS; Score: 5): three 7zr.exe processes are started from the sample, and each of them starts one conhost.exe child.

Source | Detection | Scanner
7zr.exe | 0% | ReversingLabs
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:38.0.0 Ammolite
Analysis ID:1345995
Start date and time:2023-11-21 19:02:44 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 2m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Cmdline fuzzy
Number of new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:7zr.exe
Detection:CLEAN
Classification:clean5.winEXE@6/3@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 90%
  • Number of executed functions: 12
  • Number of non-executed functions: 171
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: 7zr.exe
No simulations
No context
Process:C:\Users\user\Desktop\7zr.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):124
Entropy (8bit):4.896731723356167
Encrypted:false
SSDEEP:3:AMVcFXNtMM8TQP6HEMZ4hqFi09XAWWQCBAOIip3pyn:AMKvMiPjMl9X+5zIiTy
MD5:761314158A07379E986AF1767A510240
SHA1:F91E39B6ECFD538C6FCDAD812343355C81A6D0C8
SHA-256:53C8F41201B80B7A219B985C8787F96C76729673F73938B20C3145FDB7FC3E59
SHA-512:609C6858B12972ACCE6F23F046DDC7218573C3F3E128A650C7C6A515C413312A85976A05989122A4B64992B3595D8B6C68B8DDD86DCB8278B9AE4A82810766CC
Malicious:false
Reputation:low
Preview:..7-Zip (r) 23.01 (x86) : Igor Pavlov : Public domain : 2023-06-20........Command Line Error:..Unsupported command:../load..
File type:PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):6.634685254929279
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:7zr.exe
File size:584'704 bytes
MD5:58fc6de6c4e5d2fda63565d54feb9e75
SHA1:0586248c327d21efb8787e8ea9f553ddc03493ec
SHA256:72c98287b2e8f85ea7bb87834b6ce1ce7ce7f41a8c97a81b307d4d4bf900922b
SHA512:e7373a9caa023a22cc1f0f4369c2089a939ae40d26999ab5dcab2c5feb427dc9f51f96d91ef078e843301baa5d9335161a2cf015e09e678d56e615d01c8196df
SSDEEP:12288:FSjMK6lrdOCdlki5Zc0EyR35ksye/X16PJz5tghj+:FSjieCd+i5s+Jks1foxz5Whj+
TLSH:AAC49F163AE5C07EC56215318B5D6BB1D1FA93680B224CC763804E6D2F349EAD73BD3A
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Aes.............~.......j...............j.......j.........B...............@.....3".......{......3"...............v.............
Icon Hash:90cececece8e8eb0
Entrypoint:0x46f546
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x64915C80 [Tue Jun 20 08:00:00 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:e259e7887a8fdcfd8f819c076b7ef10c
Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0047FE58h
push 0046F540h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 20h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
and dword ptr [ebp-04h], 00000000h
push 00000001h
call dword ptr [00479170h]
pop ecx
or dword ptr [00490A7Ch], FFFFFFFFh
or dword ptr [00490A80h], FFFFFFFFh
call dword ptr [00479174h]
mov ecx, dword ptr [0048CA3Ch]
mov dword ptr [eax], ecx
call dword ptr [00479178h]
mov ecx, dword ptr [0048CA38h]
mov dword ptr [eax], ecx
mov eax, dword ptr [0047917Ch]
mov eax, dword ptr [eax]
mov dword ptr [00490A78h], eax
call 00007FE848D3056Ah
cmp dword ptr [0048A590h], 00000000h
jne 00007FE848D3049Eh
push 0046F686h
call dword ptr [00479180h]
pop ecx
call 00007FE848D3053Bh
push 0048A0A4h
push 0048A0A0h
call 00007FE848D30526h
mov eax, dword ptr [0048CA34h]
mov dword ptr [ebp-28h], eax
lea eax, dword ptr [ebp-28h]
push eax
push dword ptr [0048CA30h]
lea eax, dword ptr [ebp-20h]
push eax
lea eax, dword ptr [ebp-2Ch]
push eax
lea eax, dword ptr [ebp-1Ch]
push eax
call dword ptr [00479188h]
push 0048A09Ch
push 0048A000h
call 00007FE848D304F3h
Programming Language:
  • [C++] VS98 (6.0) SP6 build 8804
  • [ C ] VS98 (6.0) SP6 build 8804
  • [ C ] VS2010 SP1 build 40219
  • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x88f24 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x92000 | 0x7d0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x93000 | 0x4c10 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x79000 | 0x234 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x77255 | 0x77400 | False | 0.5922759433962265 | data | 6.695471436568862 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x79000 | 0x10ae0 | 0x10c00 | False | 0.3563287080223881 | data | 4.691523803556424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x8a000 | 0x6a84 | 0x600 | False | 0.283203125 | data | 2.827615551622966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.sxdata | 0x91000 | 0x4 | 0x200 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x92000 | 0x7d0 | 0x800 | False | 0.458984375 | data | 4.938315255946701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x93000 | 0x569a | 0x5800 | False | 0.58203125 | data | 6.148067586389861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x920a0 | 0x2c4 | data | English | United States | 0.4943502824858757
RT_MANIFEST | 0x92368 | 0x468 | exported SGML document, ASCII text, with CRLF line terminators | English | United States | 0.47606382978723405
DLL | Imports
OLEAUT32.dll | VariantCopy, SysAllocStringLen, SysAllocString, SysFreeString, SysStringLen, VariantClear
USER32.dll | CharUpperW
ADVAPI32.dll | OpenProcessToken, GetFileSecurityW, SetFileSecurityW, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW
MSVCRT.dll | _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, _XcptFilter, _exit, _onexit, __dllonexit, ??1type_info@@UAE@XZ, ?terminate@@YAXXZ, _except_handler3, _beginthreadex, exit, realloc, _ftol, memset, strlen, wcscmp, wcsstr, strcmp, memmove, fputs, fputc, fflush, fgetc, _iob, free, malloc, memcmp, _purecall, memcpy, _CxxThrowException, __CxxFrameHandler, _isatty, _fileno
KERNEL32.dll | SetThreadAffinityMask, CreateEventW, SetEvent, ResetEvent, CreateSemaphoreW, ReleaseSemaphore, InitializeCriticalSection, WaitForSingleObject, SetFileAttributesW, InterlockedIncrement, GetVersion, VirtualFree, VirtualAlloc, SetConsoleMode, GetConsoleMode, GetVersionExW, SetFileApisToOEM, GetCommandLineW, GetConsoleScreenBufferInfo, SetConsoleCtrlHandler, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, QueryPerformanceFrequency, QueryPerformanceCounter, GetProcessTimes, OpenEventW, OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, SetProcessAffinityMask, GetStdHandle, GetSystemTimeAsFileTime, FileTimeToDosDateTime, IsProcessorFeaturePresent, GlobalMemoryStatus, GetSystemInfo, GetProcessAffinityMask, FileTimeToLocalFileTime, FileTimeToSystemTime, CompareFileTime, GetCurrentProcess, GetDiskFreeSpaceW, SetEndOfFile, WriteFile, GetLastError, MultiByteToWideChar, WideCharToMultiByte, FreeLibrary, LoadLibraryW, GetModuleFileNameW, LocalFree, FormatMessageW, CloseHandle, SetFileTime, CreateFileW, ReadFile, RemoveDirectoryW, MoveFileW, GetProcAddress, GetModuleHandleW, CreateDirectoryW, DeleteFileW, SetLastError, SetCurrentDirectoryW, GetCurrentDirectoryW, GetTempPathW, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindNextFileW, GetModuleHandleA, GetFileAttributesW, GetFileInformationByHandle, GetLogicalDriveStringsW, GetFileSize, SetFilePointer, DeviceIoControl, ResumeThread

Language of compilation system: English
Country where language is spoken: United States
No network behavior found
Target ID:0
Start time:19:03:31
Start date:21/11/2023
Path:C:\Users\user\Desktop\7zr.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\7zr.exe" -install
Imagebase:0xb60000
File size:584'704 bytes
MD5 hash:58FC6DE6C4E5D2FDA63565D54FEB9E75
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:19:03:31
Start date:21/11/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:19:03:33
Start date:21/11/2023
Path:C:\Users\user\Desktop\7zr.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\7zr.exe" /install
Imagebase:0xb60000
File size:584'704 bytes
MD5 hash:58FC6DE6C4E5D2FDA63565D54FEB9E75
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:3
Start time:19:03:33
Start date:21/11/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:19:03:36
Start date:21/11/2023
Path:C:\Users\user\Desktop\7zr.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\7zr.exe" /load
Imagebase:0xb60000
File size:584'704 bytes
MD5 hash:58FC6DE6C4E5D2FDA63565D54FEB9E75
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:5
Start time:19:03:36
Start date:21/11/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:0.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:2.4%
Total number of Nodes:335
Total number of Limit Nodes:13
55248->55250 55338 b71b13 62 API calls 2 library calls 55248->55338 55253 b715aa 55249->55253 55351 b62f78 malloc _CxxThrowException free ctype 55249->55351 55256 b7129b 55250->55256 55339 b71b13 62 API calls 2 library calls 55250->55339 55251 b714b8 55251->55244 55350 b634ef memmove 55251->55350 55257 b711d0 _CxxThrowException 55252->55257 55267 b80b3c 5 API calls 55253->55267 55253->55279 55254->55249 55263 b71556 55254->55263 55268 b80b3c 5 API calls 55254->55268 55261 b712b3 55256->55261 55340 b71770 memcpy malloc _CxxThrowException free _CxxThrowException 55256->55340 55257->55234 55262 b71520 _CxxThrowException 55259->55262 55341 b64eb5 16 API calls 55261->55341 55262->55254 55263->55249 55269 b80b3c 5 API calls 55263->55269 55271 b715cf _CxxThrowException 55267->55271 55272 b71548 _CxxThrowException 55268->55272 55273 b71581 _CxxThrowException 55269->55273 55270 b712bc 55342 b808d0 49 API calls 55270->55342 55271->55216 55272->55263 55273->55249 55275 b712c3 55343 b64e6a 8 API calls 55275->55343 55277 b712ca 55281 b712e5 55277->55281 55344 b62f78 malloc _CxxThrowException free ctype 55277->55344 55279->55082 55280 b7132e 55280->55279 55345 b62f78 malloc _CxxThrowException free ctype 55280->55345 55281->55279 55281->55280 55282 b80b3c 5 API calls 55281->55282 55284 b71320 _CxxThrowException 55282->55284 55284->55280 55285 b7134e 55346 b682bd malloc _CxxThrowException free _CxxThrowException 55285->55346 55287->55088 55288->55090 55289->55096 55290->55095 55291->55105 55292->55105 55293->55105 55294->55102 55295->55106 55296->55155 55297->55155 55298->55155 55299->55155 55300->55155 55301->55155 55302->55111 55303->55147 55304->55147 55305->55147 55306->55147 55307->55147 55308->55118 55309->55134 55310->55134 55311->55134 55312->55134 55313->55134 55314->55122 55315->55128 55316->55132 55317->55135 55318->55141 55319->55149 55320->55156 55321->55159 55322->55164 55323->55172 55324->55175 55325->55178 55326->55186 55327->55189 55328->55190 55329->55197 
55330->55203 55331->55201 55332->55204 55333->55207 55334->55212 55335->55214 55336->55247 55337->55247 55338->55250 55339->55256 55340->55261 55341->55270 55342->55275 55343->55277 55344->55281 55345->55285 55346->55279 55347->55225 55348->55243 55349->55251 55350->55244 55351->55253 55352->55230 55353->55238 55354->55279 55355 b9b136 55356 b9b37f 55355->55356 55359 b9423b SetConsoleCtrlHandler 55356->55359 55358 b9b38b 55359->55358 55360 b99be6 55361 b99bf0 __EH_prolog 55360->55361 55362 b626d9 2 API calls 55361->55362 55363 b99c4c 55362->55363 55364 b62d90 2 API calls 55363->55364 55365 b99c67 55364->55365 55366 b62d90 2 API calls 55365->55366 55367 b99c73 55366->55367 55368 b62d90 2 API calls 55367->55368 55369 b99c97 55368->55369 55376 b99b58 55369->55376 55373 b99cc3 55374 b62d90 2 API calls 55373->55374 55375 b99ce1 55374->55375 55377 b99b62 __EH_prolog 55376->55377 55378 b62d90 2 API calls 55377->55378 55379 b99b8e 55378->55379 55380 b62d90 2 API calls 55379->55380 55381 b99ba1 55380->55381 55382 b99d5c 55381->55382 55383 b99d66 __EH_prolog 55382->55383 55394 b72203 malloc _CxxThrowException __EH_prolog 55383->55394 55385 b99ddb 55386 b62d90 2 API calls 55385->55386 55387 b99dea 55386->55387 55388 b62d90 2 API calls 55387->55388 55389 b99df9 55388->55389 55390 b62d90 2 API calls 55389->55390 55391 b99e08 55390->55391 55392 b62d90 2 API calls 55391->55392 55393 b99e17 55392->55393 55393->55373 55394->55385

Executed Functions

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b69032-b690b7, the token-privilege enabler, summarised from the edge list:
  • b69032-b69057: GetCurrentProcess, OpenProcessToken; the other edge goes straight to the return at b690af (token could not be opened)
  • b69059-b69069: LookupPrivilegeValueW; the other edge goes to b690a1
  • b6906b-b6908f: AdjustTokenPrivileges; a FALSE return goes to b690a1
  • b69091-b6909f: GetLastError, reached only after AdjustTokenPrivileges returned TRUE. This is the ERROR_NOT_ALL_ASSIGNED check: AdjustTokenPrivileges succeeds even when the privilege is not present in the token and reports that only through the last-error code.
  • b690a1, b690a4-b690ad: close of the token handle (the sandbox resolves this KERNELBASE address to FindCloseChangeNotification; in this sequence it is the CloseHandle on the token)
  • b690af, b690b2-b690b7: return
The privilege name is a parameter of this function: the executed call passed SeRestorePrivilege, and the same function is called from b70a27-b70a38 with the SeLockMemoryPrivilege string referenced at b70a2e, i.e. from the -slp (large pages) handling. Both are expected for an archiver; neither is a sign of malicious behaviour on its own.
APIs
  • GetCurrentProcess.KERNEL32(00000020,00B70BCB,?,7597AB50,?,?,?,?,00B70BCB,00B709F5), ref: 00B69048
  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,00B70BCB,00B709F5), ref: 00B6904F
  • LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 00B69061
  • AdjustTokenPrivileges.ADVAPI32(00B70BCB,00000000,?,00000000,00000000,00000000), ref: 00B69087
  • GetLastError.KERNEL32 ref: 00B69091
  • FindCloseChangeNotification.KERNELBASE(00B70BCB,?,?,?,?,00B70BCB,00B709F5), ref: 00B690A7
Memory Dump Source (the same dump source and snapshot apply to every function record on this page)
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ProcessToken$AdjustChangeCloseCurrentErrorFindLastLookupNotificationOpenPrivilegePrivilegesValue
  • String ID: SeRestorePrivilege
  • API String ID: 2838110999-1684392131
  • Opcode ID: 99fa60b6474ec5a5c8f4863225f985acafcdaa2fefe5e074e4a1adf5076c0ff4
  • Instruction ID: 16d8ac8f14c6d592593071aba0320983201322b9b0d0180ac565c0f5cfc814fe
  • Opcode Fuzzy Hash: 99fa60b6474ec5a5c8f4863225f985acafcdaa2fefe5e074e4a1adf5076c0ff4
  • Instruction Fuzzy Hash: 21019275942218AFDB105BF1AC99BDFBFBCEF05300F0400A5E945E3151EA768649DBE0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70C76
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70CAD
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70DD6
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70EC1
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70F4F
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70F89
    • Part of subcall function 00B717B8: __EH_prolog.LIBCMT ref: 00B717BD
    • Part of subcall function 00B717B8: _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B718D0
    • Part of subcall function 00B717B8: _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B718EE
  • wcscmp.MSVCRT ref: 00B71191
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B711D9
  • wcscmp.MSVCRT ref: 00B711E6
  • wcscmp.MSVCRT ref: 00B71206
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B71236
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B71329
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B7140A
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B71529
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B71551
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B7158A
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B715D8
  • wcscmp.MSVCRT ref: 00B70D39
    • Part of subcall function 00B80B3C: __EH_prolog.LIBCMT ref: 00B80B41
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B71638
  • _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00B716CD
Strings
  • Incorrect number of benchmark iterations, xrefs: 00B71625
  • -ai switch is not supported for this command, xrefs: 00B713F4
  • Cannot use absolute pathnames for this command, xrefs: 00B711C3
  • Unsupported -spf:, xrefs: 00B70DC3
  • Archive name cannot by empty, xrefs: 00B70F73
  • Unsupported -spm:, xrefs: 00B70EAE
  • Only one archive can be created with rename command, xrefs: 00B715C2
  • The command must be specified, xrefs: 00B70C60
  • stdout mode and email mode cannot be combined, xrefs: 00B71513
  • Unsupported -snz:, xrefs: 00B71223
  • Unsupported command:, xrefs: 00B70C9A
  • Cannot find archive name, xrefs: 00B70F39
Similarity
  • API ID: ExceptionThrow$wcscmp$H_prolog
  • String ID: -ai switch is not supported for this command$Archive name cannot by empty$Cannot find archive name$Cannot use absolute pathnames for this command$Incorrect number of benchmark iterations$Only one archive can be created with rename command$The command must be specified$Unsupported -snz:$Unsupported -spf:$Unsupported -spm:$Unsupported command:$stdout mode and email mode cannot be combined
  • API String ID: 2571898395-1495777518
  • Opcode ID: 6300a6716318c02bfa932bc9bf2769ba096fd0678171158d8f5004dcdec7fcf4
  • Instruction ID: da092b7807ae39cbacde6b1d11265ff7b20b1accbc7c1583fb38619242fe080d
  • Opcode Fuzzy Hash: 6300a6716318c02bfa932bc9bf2769ba096fd0678171158d8f5004dcdec7fcf4
  • Instruction Fuzzy Hash: 3972B630504385DFDB25EFA8C484BEDBBF1EF15304F1884E9E4696B2A2D774A948CB21
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b9876c-b99ae4, summarised from the edge list: the entry block b9876c-b9877f calls b9a3e5, then b98792-b9879f calls the command-line parser b70c42; b987e6-b987fb calls GetStdHandle followed by GetConsoleScreenBufferInfo on the returned handle (a console geometry probe, taken only on one edge out of b987da-b987e4); b98804-b98833 allocates through b61e55 and calls b99ae5; b9883b-b98877 calls b86946, b9a7a1, b85de6 and b707aa. Three error exits throw through _CxxThrowException (b98895-b988a6, b988d9-b988ea, b98a29-b98a3a). The remaining blocks (b989d9-b98dcc and the loop through b98a41-b98c4e) are the fputs/fputc printing loops for the Formats/Codecs/Hashers listing, calling b9a484, b9a41d, b9ac18, b62221 and b61fe9; the tail b99a52-b99ae4 frees buffers (b61e89) and runs the destructors b82046, b611c2, b9ac40 and b91b84.
APIs
    • Part of subcall function 00B9A3E5: fputs.MSVCRT ref: 00B9A3FE
    • Part of subcall function 00B9A3E5: fputs.MSVCRT ref: 00B9A415
  • GetStdHandle.KERNEL32(000000F5,?,?,?,?,?,?,?), ref: 00B987EC
  • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?,?,?,?,?), ref: 00B987F3
  • _CxxThrowException.MSVCRT(?,00BE0AD8), ref: 00B988A6
  • _CxxThrowException.MSVCRT(?,00BE0AD8), ref: 00B988EA
    • Part of subcall function 00B61FFC: __EH_prolog.LIBCMT ref: 00B62001
Similarity
  • API ID: ExceptionThrowfputs$BufferConsoleH_prologHandleInfoScreen
  • String ID: $ || $Codecs:$Formats:$Hashers:$KSNFMGOPBELHXCc+a+m+r+$P$offset=$S
  • API String ID: 377453556-626468309
  • Opcode ID: 9492e9b86932a0916e13de9189e53f752d21506ee05aeb88b72a540a8d541ac6
  • Instruction ID: 8eba634ff240d5779717603270393099b3baf5a75f7fac9b39c5cc602194fd41
  • Opcode Fuzzy Hash: 9492e9b86932a0916e13de9189e53f752d21506ee05aeb88b72a540a8d541ac6
  • Instruction Fuzzy Hash: 7F227C71900208DFDF15EFA4D885BADBBF1FF49310F2440AAE445AB292DB359A85CF61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b707e4-b70ba7, summarised from the edge list: the entry block b707e4-b7081a calls bcf140 and b613f5, with b7081c-b70833 throwing through _CxxThrowException on one edge; b70838-b70891 calls _fileno/_isatty three times (one per standard stream); b709a9-b709c1 throws for an unsupported -bb postfix and b70aab-b70ac3 for an unsupported -stm postfix; the -slp handling at b70ac8-b70aec compares the switch value with wcscmp and calls b70bd7, throwing at b70af2-b70b0a for an unsupported -slp postfix or continuing to b70a1d-b70a38, which calls b690b8, bbb320 and the privilege enabler b69032 with the SeLockMemoryPrivilege string referenced at b70a2e; b70a5e-b70a99 builds the "Set process affinity mask: " message through b626d9, b62808, b631ad and b63c2c; b70b1a-b70b32 throws for an unsupported -stm value; b70b37-b70b50 calls GetCurrentProcess and SetProcessAffinityMask, and b70b52-b70b88 formats the GetLastError value after ": ERROR : " (b631ad, b655c8, b63171); b70b89-b70ba7 frees the temporaries (b630fe, b61e89) and returns.
APIs
  • __EH_prolog.LIBCMT ref: 00B707E9
    • Part of subcall function 00B613F5: __EH_prolog.LIBCMT ref: 00B613FA
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70833
  • _fileno.MSVCRT ref: 00B70844
  • _isatty.MSVCRT ref: 00B7084D
  • _fileno.MSVCRT ref: 00B70863
  • _isatty.MSVCRT ref: 00B70866
  • _fileno.MSVCRT ref: 00B70879
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B709C1
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70AC3
  • wcscmp.MSVCRT ref: 00B70AD0
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70B0A
  • _isatty.MSVCRT ref: 00B7087C
    • Part of subcall function 00B80B3C: __EH_prolog.LIBCMT ref: 00B80B41
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B70B32
  • GetCurrentProcess.KERNEL32(00000000,00000000,?,Set process affinity mask: ,?), ref: 00B70B41
  • SetProcessAffinityMask.KERNEL32(00000000), ref: 00B70B48
  • GetLastError.KERNEL32(?,Set process affinity mask: ,?), ref: 00B70B52
Strings
  • SeLockMemoryPrivilege, xrefs: 00B70A2E
  • Unsupported switch postfix -bb, xrefs: 00B709AE
  • unsupported value -stm, xrefs: 00B70B1F
  • Set process affinity mask: , xrefs: 00B70A7A
  • : ERROR : , xrefs: 00B70B58
  • Unsupported switch postfix for -slp, xrefs: 00B70AF7
  • Unsupported switch postfix -stm, xrefs: 00B70AB0
Similarity
  • API ID: ExceptionThrow$H_prolog_fileno_isatty$Process$AffinityCurrentErrorLastMaskwcscmp
  • String ID: : ERROR : $SeLockMemoryPrivilege$Set process affinity mask: $Unsupported switch postfix -bb$Unsupported switch postfix -stm$Unsupported switch postfix for -slp$unsupported value -stm
  • API String ID: 1826148334-1115009270
  • Opcode ID: ece7e7eb76a61ee6f392b5704a24c82c7ec5dcfa447e5a297075c71086e7a187
  • Instruction ID: 720a233214c1b9e2c327ac97658795c097f69c8e69e462c425dcd058c61ec51a
  • Opcode Fuzzy Hash: ece7e7eb76a61ee6f392b5704a24c82c7ec5dcfa447e5a297075c71086e7a187
  • Instruction Fuzzy Hash: 85C1D271900345DFEB11EFB8C888BD9BBF5EF15304F1484DAE4A9A72A2CB74A944CB11
Uniqueness

Uniqueness Score: -1.00%
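As an added example (editor's code, not part of the Joe Sandbox report or of 7-Zip), the following Python triage helper reads the APIs and Strings lines of the two functions discussed above, the privilege enabler at b69032 and the switch handler at b707e4, extracts every privilege name and rates it against a small table of what an archiver legitimately needs. The sample lines are copied from the report; the EXPECTED and HIGH_RISK tables, the verdict names and the line regexes are this example's own assumptions about the report format.

```python
"""Triage of the privilege-related API calls in a Joe Sandbox function record.

Added example for this page; it is not Joe Sandbox or 7-Zip code.  It parses
the 'APIs' and 'Strings' lines as printed above (Name.MODULE(args), ref: addr
and text, xrefs: addr), pulls out every Se*Privilege name, and rates it
against what an archiver legitimately needs.  The sample lines are copied from
the report; the verdict tables are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: API and string lines of the b69032 enabler and the
# b707e4 switch handler, as they appear in the report above.
SAMPLE_LINES = [
    "GetCurrentProcess.KERNEL32(00000020,00B70BCB,?,7597AB50,?,?,?,?,00B70BCB,00B709F5), ref: 00B69048",
    "OpenProcessToken.ADVAPI32(00000000,?,?,?,?,00B70BCB,00B709F5), ref: 00B6904F",
    "LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 00B69061",
    "AdjustTokenPrivileges.ADVAPI32(00B70BCB,00000000,?,00000000,00000000,00000000), ref: 00B69087",
    "GetLastError.KERNEL32 ref: 00B69091",
    "FindCloseChangeNotification.KERNELBASE(00B70BCB,?,?,?,?,00B70BCB,00B709F5), ref: 00B690A7",
    "SeLockMemoryPrivilege, xrefs: 00B70A2E",
    "SetProcessAffinityMask.KERNEL32(00000000), ref: 00B70B48",
]

# Assumed verdict tables (this example's own, not from the report).
EXPECTED = {  # privileges an archiver has a reason to enable
    "SeRestorePrivilege": "write files and attributes regardless of DACL when extracting",
    "SeLockMemoryPrivilege": "large pages for the -slp switch",
}
HIGH_RISK = {  # privileges that point at tooling, not archiving
    "SeDebugPrivilege": "open any process (credential dumping, injection)",
    "SeTcbPrivilege": "act as part of the operating system",
    "SeLoadDriverPrivilege": "load kernel drivers",
    "SeImpersonatePrivilege": "impersonate tokens (potato-style escalation)",
    "SeTakeOwnershipPrivilege": "take ownership of any securable object",
}
SEVERITY = {"none": 0, "expected": 1, "review": 2, "high_risk": 3}

# Line shapes as rendered on the page (assumed stable).
API_RE = re.compile(r"^(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<addr>[0-9A-Fa-f]+)$")
STR_RE = re.compile(r"^(?P<text>.+?), xrefs: (?P<addr>[0-9A-Fa-f]+)$")
PRIV_RE = re.compile(r"\bSe\w+Privilege\b")


@dataclass(frozen=True)
class Finding:
    privilege: str
    addr: str
    via: str      # where the name was seen
    verdict: str  # expected | review | high_risk
    reason: str


def classify(privilege: str, addr: str, via: str) -> Finding:
    if privilege in HIGH_RISK:
        return Finding(privilege, addr, via, "high_risk", HIGH_RISK[privilege])
    if privilege in EXPECTED:
        return Finding(privilege, addr, via, "expected", EXPECTED[privilege])
    return Finding(privilege, addr, via, "review", "not in either table; check the caller")


def parse(lines):
    """Return (set of API names seen, list of Finding) from report lines."""
    apis, findings = set(), []
    for raw in lines:
        line = raw.strip().lstrip("•").strip()  # bullets as rendered on the page
        m = API_RE.match(line)
        if m:
            apis.add(m["api"])
            for name in PRIV_RE.findall(m["args"] or ""):
                findings.append(classify(name, m["addr"], f"{m['api']} argument"))
            continue
        m = STR_RE.match(line)
        if m:
            for name in PRIV_RE.findall(m["text"]):
                findings.append(classify(name, m["addr"], "string xref"))
    return apis, findings


def summarize(lines) -> dict:
    apis, findings = parse(lines)
    enabler = {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}
    return {
        # the classic enable-privilege triple
        "enables_privileges": enabler <= apis,
        # AdjustTokenPrivileges returns TRUE even when nothing was assigned;
        # a GetLastError afterwards is the ERROR_NOT_ALL_ASSIGNED check
        "checks_not_all_assigned": "AdjustTokenPrivileges" in apis and "GetLastError" in apis,
        "sets_affinity": "SetProcessAffinityMask" in apis,
        "privileges": {f.privilege: f.verdict for f in findings},
        "worst": max((f.verdict for f in findings), key=SEVERITY.__getitem__, default="none"),
    }


if __name__ == "__main__":
    for f in parse(SAMPLE_LINES)[1]:
        print(f"{f.privilege:<24} {f.verdict:<9} @{f.addr} via {f.via}: {f.reason}")
    print(summarize(SAMPLE_LINES))
```

Run as a script it prints one line per finding; for this sample both privileges come out as expected and the worst verdict stays at expected, while a LookupPrivilegeValueW argument of SeDebugPrivilege would flip it to high_risk. The checks_not_all_assigned flag reflects the GetLastError that follows AdjustTokenPrivileges in the b69032 graph: that call returns TRUE even when the privilege is not held in the token, and only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals it.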

Similarity
  • API ID: _initterm$__getmainargs__p___initenv__p__commode__p__fmode__set_app_type
  • String ID:
  • API String ID: 4012487245-0
  • Opcode ID: f5063ca1fb6fa7112577002338f5bd426eb88f29b51c61c306a857d878f12cd4
  • Instruction ID: 6c4898b7abcbad92e705087e2cd073f0ef135c39849ae554f1e604e0064894ac
  • Opcode Fuzzy Hash: f5063ca1fb6fa7112577002338f5bd426eb88f29b51c61c306a857d878f12cd4
  • Instruction Fuzzy Hash: 31211D7190124AEFCB11AFA4DC99EADBBB9FB09711F0042AAE512A32B1DB345400CF61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __setusermatherr.MSVCRT ref: 00BCF5C2
    • Part of subcall function 00BCF674: _controlfp.MSVCRT ref: 00BCF67E
  • _initterm.MSVCRT ref: 00BCF5D8
  • __getmainargs.MSVCRT ref: 00BCF5FB
  • _initterm.MSVCRT ref: 00BCF60B
  • __p___initenv.MSVCRT ref: 00BCF610
  • exit.KERNELBASE ref: 00BCF630
  • _XcptFilter.MSVCRT ref: 00BCF642
Similarity
  • API ID: _initterm$FilterXcpt__getmainargs__p___initenv__setusermatherr_controlfpexit
  • String ID:
  • API String ID: 279829931-0
  • Opcode ID: 2f07670848d03c87208f18006eafc31d6fdfe0901bbf69a856637b37bfdb5791
  • Instruction ID: c93ee7140f70669a0994726ac6c5cda2b290dad5c942f1f69e6d3c5f72024b07
  • Opcode Fuzzy Hash: 2f07670848d03c87208f18006eafc31d6fdfe0901bbf69a856637b37bfdb5791
  • Instruction Fuzzy Hash: 4B019B7590120AAFCF059BE0DC59CEDBBB9FF4971171000AAF511B7261DB35A500DB21
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b9a3e5-b9a41c, summarised from the edge list: the entry block b9a3e5-b9a3ee either returns at b9a419-b9a41c or runs b9a3f0-b9a404 (fputs, then b61fe9 for fputc); b9a409-b9a40b then either returns or runs a second fputs at b9a40d-b9a418 before returning.
Similarity
  • API ID: fputs$fputc
  • String ID:
  • API String ID: 1185151155-0
  • Opcode ID: bdaca78d1a0f70993ffd0965bb7d4f609d6bc4245d908c0e692f9e89d08be72b
  • Instruction ID: ed14ee5badbc4d501645009491729e8289fe009e7dfd05407f6e19037b56f8cf
  • Opcode Fuzzy Hash: bdaca78d1a0f70993ffd0965bb7d4f609d6bc4245d908c0e692f9e89d08be72b
  • Instruction Fuzzy Hash: A5E0C23B20A2206E9E152B48BC12C547BD9EBC9771329007FF980933A1AFA31C145FE9
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b9b3e2-b9b417, summarised from the edge list: b9b3e2-b9b3f3 calls b9b3d2 and then either returns at b9b415-b9b417 or runs b9b3f5-b9b40f (two fputs calls and b61fe9 for fputc) and falls through b9b414 to the return.
Similarity
  • API ID: fputs$fputc
  • String ID:
  • API String ID: 1185151155-0
  • Opcode ID: 5b2e613b94402dea076cc6ff757b4243d22696ace45013b7bcd7279e08fda32c
  • Instruction ID: 2c9579ede54907b677aacd5b451998016a45b84a239ebde4375f93d789e76f6d
  • Opcode Fuzzy Hash: 5b2e613b94402dea076cc6ff757b4243d22696ace45013b7bcd7279e08fda32c
  • Instruction Fuzzy Hash: AFD0123270112467CA117B996C92C5EA39DDFC4B1031904AAF94457352DB6598515FB1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b61e55-b61e88, the throwing allocator, summarised from the edge list: b61e55-b61e5c, optionally via b61e5e, reaches the malloc at b61e65-b61e71; one edge goes to _CxxThrowException at b61e73-b61e82 (the allocation-failure path), the other to the return at b61e87-b61e88.
Similarity
  • API ID: ExceptionThrowmalloc
  • String ID:
  • API String ID: 2436765578-0
  • Opcode ID: 7d8afed9eef349937fb75bc79596c78c87eee1c7d15f5a654db04fc56cb90823
  • Instruction ID: b92484b78396f35ed6b12e1908059371ba8b930cf36ff49b08c55a61a5dbfc5b
  • Opcode Fuzzy Hash: 7d8afed9eef349937fb75bc79596c78c87eee1c7d15f5a654db04fc56cb90823
  • Instruction Fuzzy Hash: D6E08C3010024CAACF00AFA0C804B993BA89B01754F4490A9F8085E112D675C3C48780
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B99BEB
    • Part of subcall function 00B99B58: __EH_prolog.LIBCMT ref: 00B99B5D
    • Part of subcall function 00B99D5C: __EH_prolog.LIBCMT ref: 00B99D61
Similarity
  • API ID: H_prolog
  • String ID:
  • API String ID: 3519838083-0
  • Opcode ID: 410d7e4f55a8506f0b0cad5f43c284a06daa18e3f324ca8aab8d3c12df4d4c73
  • Instruction ID: 69cd04d4cd7121c5953e085788229cc4839486bbbd44395182ba20b88878f3b5
  • Opcode Fuzzy Hash: 410d7e4f55a8506f0b0cad5f43c284a06daa18e3f324ca8aab8d3c12df4d4c73
  • Instruction Fuzzy Hash: 4541DA7244ABC0DED326DF7880956C6FFE06F35204F98C9AED4DA43742D674A608C766
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b62059-b62079: a single block that calls b6207c and then fputs.
Similarity
  • API ID: fputs
  • String ID:
  • API String ID: 1795875747-0
  • Opcode ID: b3b24140e7b870a80343f475b18f2ddab464040459f8261e0f0d70ca41d29f1a
  • Instruction ID: c38db6387835c52c20f0f8b41b3bbe61eba6f698af49071cc9ddd9db7d2e5aa9
  • Opcode Fuzzy Hash: b3b24140e7b870a80343f475b18f2ddab464040459f8261e0f0d70ca41d29f1a
  • Instruction Fuzzy Hash: 79D0C936008251AFA7256F15EC09C8BFFA5FFD9720721082FF480521A09B626825DA60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks marked executed / not executed in the interactive view)

control_flow_graph for b61fe9-b61ffb: a single block wrapping fputc.
Similarity
  • API ID: fputc
  • String ID:
  • API String ID: 1992160199-0
  • Opcode ID: 781ec9a69bf7f782d02d0d2f29a4eae39b92f54800bb4fb516c7a7ec57369398
  • Instruction ID: 1a47e94d51b95e0834bb6dd0b08f091da87a964ce69b25e921319774ee1745bd
  • Opcode Fuzzy Hash: 781ec9a69bf7f782d02d0d2f29a4eae39b92f54800bb4fb516c7a7ec57369398
  • Instruction Fuzzy Hash: F5B09232309220ABE6181A98BC0AAC0A794DB09B32B25009BF948D2190AEA11C814A95
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
  • __EH_prolog.LIBCMT ref: 00B7AA4A
    • Part of subcall function 00B7DB91: __EH_prolog.LIBCMT ref: 00B7DB96
Similarity
  • API ID: H_prolog
  • String ID: $ $ $ (Cmplx)$*$@$@$AES128$AES192$Avg:$Avr:$CPU$CPU hardware threads:$CRC$Compressing$Decompressing$Dict$Dictionary reduced to: $E/U$Effec$KiB/s$LZMA$MB/s$MIPS$Method$R/U$Rating$Size$Speed$T CPU Freq (MHz):$THRD$Tot:$Usage$crc32$file$file size =$freq$freq=$hash$mts$size: $tic$time$timems
  • API String ID: 3519838083-768847781
  • Opcode ID: 5fa97d28101c586ea5b19aece949fa6aa0eef76d2959212a4c3118a5fa82faa5
  • Instruction ID: 3030f854ec7cbff348f23554c52297ec6c6d046349f46a41bb44779c4064e9c3
  • Opcode Fuzzy Hash: 5fa97d28101c586ea5b19aece949fa6aa0eef76d2959212a4c3118a5fa82faa5
  • Instruction Fuzzy Hash: 83334731A002199FDF25DBA4C895BEDBBF2EF44300F1480E9E429AB291DB759E85CF51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B8E6AC
    • Part of subcall function 00B65549: __EH_prolog.LIBCMT ref: 00B6554E
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
    • Part of subcall function 00B66FC5: __EH_prolog.LIBCMT ref: 00B66FCA
  • _CxxThrowException.MSVCRT(?,00BE02C0), ref: 00B8E956
  • _CxxThrowException.MSVCRT(?,00BE02C0), ref: 00B8E9A4
  • GetProcAddress.KERNEL32(00000000,MAPISendMail), ref: 00B8FB86
    • Part of subcall function 00B8E3D5: __EH_prolog.LIBCMT ref: 00B8E3DA
  • wcscmp.MSVCRT ref: 00B8F0F1
  • _CxxThrowException.MSVCRT(?,00BE49E0), ref: 00B8F170
  • memset.MSVCRT ref: 00B8FD9A
  • memset.MSVCRT ref: 00B8FDD5
  • memset.MSVCRT ref: 00B8FE10
  • CompareFileTime.KERNEL32(?,00000018,?,00000000,?,00000000), ref: 00B8FFBD
  • CompareFileTime.KERNEL32(?,-00000008), ref: 00B8FFD2
    • Part of subcall function 00B8E1FE: __EH_prolog.LIBCMT ref: 00B8E203
    • Part of subcall function 00B91B0E: __EH_prolog.LIBCMT ref: 00B91B13
    • Part of subcall function 00B91B0E: ctype.LIBCPMT ref: 00B91B37
Similarity
  • API ID: H_prolog$ExceptionThrowmemset$CompareFileTime$AddressProcctypefreewcscmp
  • String ID: $7-Zip cannot find MAPISendMail function$GetFullPathName error$It is not allowed to include archive to itself$MAPISendMail$MAPISendMailW$Mapi32.dll$SFX file is not specified$Scanning error$The file already exists$The file is read-only$There is a folder with the name of archive$There is some data block after the end of the archive$cannot delete the file$cannot find specified SFX module$cannot load Mapi32.dll$cannot move the file$rsfx$stdout
  • API String ID: 2048656472-2848870995
  • Opcode ID: bc424e2d61ff38e8cdbeea2213c61b5e4063125a7b3cd446ae2d7cbc7f7810e4
  • Instruction ID: c989ebc80d0972481d42d20f9138a88c52c2ce1c003b18d8d40195838b90421c
  • Opcode Fuzzy Hash: bc424e2d61ff38e8cdbeea2213c61b5e4063125a7b3cd446ae2d7cbc7f7810e4
  • Instruction Fuzzy Hash: BD03AC30C00289DEDF15EFA8C995BECBBF1AF15300F1440E9E459672A2DB749E89DB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetCurrentProcess.KERNEL32(00000000,?,00BDE058,?), ref: 00B9A7D2
  • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00B99A69,00000000), ref: 00B9A7D9
    • Part of subcall function 00B6A540: GetSystemTimeAsFileTime.KERNEL32(?,00B9A7F2,00000000,00000000,759A8E30), ref: 00B6A541
  • memset.MSVCRT ref: 00B9A7FB
  • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,00000000,759A8E30), ref: 00B9A814
  • GetProcAddress.KERNEL32(00000000,K32GetProcessMemoryInfo), ref: 00B9A829
  • LoadLibraryW.KERNEL32(Psapi.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,00B99A69,00000000), ref: 00B9A836
  • GetProcAddress.KERNEL32(00000000,GetProcessMemoryInfo), ref: 00B9A846
  • GetCurrentProcess.KERNEL32(?,00000028,?,?,?,?,?,?,?,?,?,?,?,?,?,00B99A69), ref: 00B9A854
  • GetProcAddress.KERNEL32(?,QueryProcessCycleTime), ref: 00B9A868
  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B99A69,00000000), ref: 00B9A874
  • fputs.MSVCRT ref: 00B9A8F7
  • __aulldiv.LIBCMT ref: 00B9A90C
  • fputs.MSVCRT ref: 00B9A929
  • fputs.MSVCRT ref: 00B9A955
  • __aulldiv.LIBCMT ref: 00B9A965
  • __aulldiv.LIBCMT ref: 00B9A97D
  • fputs.MSVCRT ref: 00B9A99A
Similarity
  • API ID: Processfputs$AddressCurrentProc__aulldiv$Time$FileHandleLibraryLoadModuleSystemTimesmemset
  • String ID: Cnt:$ Freq (cnt/ptime):$ MCycles$ MHz$GetProcessMemoryInfo$Global $K32GetProcessMemoryInfo$Kernel $Physical$Process$Psapi.dll$QueryProcessCycleTime$User $Virtual $kernel32.dll
  • API String ID: 4173168154-4201791934
  • Opcode ID: c9e82d9fe40dfa55c8b69c7b7778f64d7dee8fd089c64ec9aa7592c923e12f2c
  • Instruction ID: b2f2cb32daa90aef4c620c25769d7c8a85b76791c2aa6d6b0fa3b1c5cb6591a0
  • Opcode Fuzzy Hash: c9e82d9fe40dfa55c8b69c7b7778f64d7dee8fd089c64ec9aa7592c923e12f2c
  • Instruction Fuzzy Hash: FD615F72E00219BFDF14AFE4DC85DAEBBF9EB48710F1044BAF515A72A0EA7158408B65
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B72A64
  • GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,759A8E30), ref: 00B72A76
  • OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,759A8E30), ref: 00B72A8D
  • LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00B72AAF
  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,759A8E30), ref: 00B72AC4
  • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,759A8E30), ref: 00B72ACE
Similarity
  • API ID: ProcessToken$AdjustCurrentErrorH_prologLastLookupOpenPrivilegePrivilegesValue
  • String ID: SeSecurityPrivilege
  • API String ID: 3475889169-2333288578
  • Opcode ID: 9e57e906b852fbbbf2b7c363aab158fbf3f10dce0adc2de8962c1079bd779b7d
  • Instruction ID: 6b8c10d347c674ed2ac93e5f8908f1f9fcd5dab0b50ffc65ba1db1dc75f3cf93
  • Opcode Fuzzy Hash: 9e57e906b852fbbbf2b7c363aab158fbf3f10dce0adc2de8962c1079bd779b7d
  • Instruction Fuzzy Hash: 07115EB1901219AFDB10EFA4DC95AEEF7BCFB04344F40416AE825F3190EB748A09DA60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7CDC2
    • Part of subcall function 00B7DAEA: __EH_prolog.LIBCMT ref: 00B7DAEF
Similarity
  • API ID: H_prolog
  • String ID:
  • API String ID: 3519838083-0
  • Opcode ID: 4ec726ded4378854efcaf84ab0c7178361cbc5839bba98e153f5b016aec362b8
  • Instruction ID: 7ed0a054e7631e87e32b07218c49d9f7b5c317c5ec0a89cbe4fcc984c078440e
  • Opcode Fuzzy Hash: 4ec726ded4378854efcaf84ab0c7178361cbc5839bba98e153f5b016aec362b8
  • Instruction Fuzzy Hash: A6623771900259CFDF25DFA4C891BADBBF1EF14344F1480AAE82AAB281D7749E41CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BAFB4B
  • SysFreeString.OLEAUT32(?), ref: 00BB059F
  • SysFreeString.OLEAUT32(?), ref: 00BB0664
    • Part of subcall function 00B61E55: malloc.MSVCRT ref: 00B61E68
    • Part of subcall function 00B61E55: _CxxThrowException.MSVCRT(?,00BE0098), ref: 00B61E82
    • Part of subcall function 00BB32B1: __EH_prolog.LIBCMT ref: 00BB32B6
Similarity
  • API ID: FreeH_prologString$ExceptionThrowmalloc
  • String ID:
  • API String ID: 4226697389-3916222277
  • Opcode ID: 36f53c78d0c40f5db57d8c0cd0e0a77c770c5f15d33a69551a27f618dcf3ce56
  • Instruction ID: 7b85c0b3867e5f6e6b5e02acbc736090f04952f91b2d036b2e3b9ac457129485
  • Opcode Fuzzy Hash: 36f53c78d0c40f5db57d8c0cd0e0a77c770c5f15d33a69551a27f618dcf3ce56
  • Instruction Fuzzy Hash: B2536930904259DFDF25DBA8C994BEDBBF4AF19304F1444E9E44AA7292DBB09E85CF10
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,74DEF5D0,00000002,00000000,?,?,?,?,?,?,00B676EF,00B61B1A,00B6785D,?,00000002), ref: 00B68F8D
  • GetProcAddress.KERNEL32(00000000), ref: 00B68F94
  • GetDiskFreeSpaceW.KERNEL32(00000002,?,00B6785D,00B676EF,00B61B1A,?,?,?,?,?,?,00B676EF,00B61B1A,00B6785D,?,00000002), ref: 00B68FE4
Similarity
  • API ID: AddressDiskFreeHandleModuleProcSpace
  • String ID: GetDiskFreeSpaceExW$kernel32.dll
  • API String ID: 1197914913-1127948838
  • Opcode ID: ffa7f44f769fc1b05800ef0266692d419a10a324c6e60bb20663fc9144ba9991
  • Instruction ID: bcc7005d139715d4644070da08a9afe2965222be31f8a92f6c78eeaa1a18d215
  • Opcode Fuzzy Hash: ffa7f44f769fc1b05800ef0266692d419a10a324c6e60bb20663fc9144ba9991
  • Instruction Fuzzy Hash: 8721F8B190021AAFDB11DF94C845EEEFBF8FF48300F1484AAE555A7250E731A955CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetVersion.KERNEL32(00B9B131), ref: 00BCD230
  • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00BCD246
  • GetProcAddress.KERNEL32(00000000), ref: 00BCD24D
Similarity
  • API ID: AddressHandleModuleProcVersion
  • String ID: SetDefaultDllDirectories$kernel32.dll
  • API String ID: 3310240892-2102062458
  • Opcode ID: 8ee96c8f3de050843b315004310dcae4670554f2d084eaa64b335c394f0ef0fb
  • Instruction ID: 3fc1c854480bfbffdbabaf9a5c9fe24cf80aadb378fb05245b6ff1f15940d64c
  • Opcode Fuzzy Hash: 8ee96c8f3de050843b315004310dcae4670554f2d084eaa64b335c394f0ef0fb
  • Instruction Fuzzy Hash: 80C01224646203BAD71027B4DD1EF15B7969F40B03F4040A6B501FA1E4FE65C402C721
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BA3FDA
    • Part of subcall function 00BAB693: _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BAB6DC
Similarity
  • API ID: ExceptionH_prologThrow
  • String ID:
  • API String ID: 461045715-3916222277
  • Opcode ID: 0499824b2ac7eb0f3fc5d0398dfc7ca3aa78e691b4e493c704a72d83dcd8bd03
  • Instruction ID: 1451730912eb4af078574aeba2a529a4337ab5ead47afd9cc35ec988329e675d
  • Opcode Fuzzy Hash: 0499824b2ac7eb0f3fc5d0398dfc7ca3aa78e691b4e493c704a72d83dcd8bd03
  • Instruction Fuzzy Hash: 8E927C30904249DFDF14DFA8C884BAEBBF1EF8A304F244499E815AB291CBB5DD45CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B6801F
  • GetFileInformationByHandle.KERNEL32(000000FF,?,?,00000000,00000001,00000003,02200000,?,?,?), ref: 00B6806E
  • DeviceIoControl.KERNEL32(000000FF,000900A8,00000000,00000000,00000000,00004000,?,00000000), ref: 00B6809B
  • memcpy.MSVCRT ref: 00B680BA
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Similarity
  • API ID: ControlDeviceFileH_prologHandleInformationfreememcpy
  • String ID:
  • API String ID: 1689166341-0
  • Opcode ID: 7071c0417e04943b9965430b6eb15dd69653d863b8ae191e16006b9788a2fcce
  • Instruction ID: f6f94c89ced04bb3090ded01669b84cc40da551e34d96cb3c5c448296e832ed1
  • Opcode Fuzzy Hash: 7071c0417e04943b9965430b6eb15dd69653d863b8ae191e16006b9788a2fcce
  • Instruction Fuzzy Hash: 7C217172900205BFDF219F94DC85AEEBBF9EB95740F2445AEF905A7281CA364E04CA60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BA941B
    • Part of subcall function 00BAAB49: __EH_prolog.LIBCMT ref: 00BAAB4E
Similarity
  • API ID: H_prolog
  • String ID: Copy$LZMA2
  • API String ID: 3519838083-1006940721
  • Opcode ID: fbcb2b0345840f182710fc85665fbabd08023237e36494b40772054e3a19d0f8
  • Instruction ID: 995bac92dd86682a155f002ab810f81efd2ea8b1e8e996984b2adf52cae9e873
  • Opcode Fuzzy Hash: fbcb2b0345840f182710fc85665fbabd08023237e36494b40772054e3a19d0f8
  • Instruction Fuzzy Hash: 43D1A171D082049FDF25DFA8C485BAEB7F2FF96310F1481AAE415AB285DB749C41DB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • FileTimeToLocalFileTime.KERNEL32(?,00000000,?,00000000,?,00000000,00B96C61,00000000,00BEA5B0,00000000,00000000), ref: 00B69494
  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B694A6
  • __aullrem.LIBCMT ref: 00B69608
Similarity
  • API ID: Time$File$LocalSystem__aullrem
  • String ID:
  • API String ID: 2417234408-0
  • Opcode ID: 93f3a8b011cc869ba5c56c67535c4a5815e875adda301616cb263f23633ec8b9
  • Instruction ID: ad6d82a3c812cae70c2624d2796aae08cfdea0a21a7f16f1d15c2541af07573d
  • Opcode Fuzzy Hash: 93f3a8b011cc869ba5c56c67535c4a5815e875adda301616cb263f23633ec8b9
  • Instruction Fuzzy Hash: 7351D7B1A04345DBDB10CF5AC4C06EEFBE6EF7A214F14C05EE88497242D27A599AC761
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B671BA
  • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,00000050,?,00000000), ref: 00B671D7
  • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,?,00000000), ref: 00B67205
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Similarity
  • API ID: DriveLogicalStrings$H_prologfree
  • String ID:
  • API String ID: 396970233-0
  • Opcode ID: 9f6a736fe2e0911b449cafd10debe7c78544fefd417a02aceabc5e051a3c3085
  • Instruction ID: c7d4b7ec1ef9c9bbaefd6df02e73ebc19f1454a1fc16b331fcf436d758b0458a
  • Opcode Fuzzy Hash: 9f6a736fe2e0911b449cafd10debe7c78544fefd417a02aceabc5e051a3c3085
  • Instruction Fuzzy Hash: B821B672E042099BDB10EFE8D8D26EEF7F8EF45314F2045AAE111B3281DA79994587A0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B665A6
    • Part of subcall function 00B66581: FindClose.KERNEL32(00000000,?,00B665B9), ref: 00B6658C
  • FindFirstFileW.KERNEL32(?,-00000268,?,00000000), ref: 00B665DE
  • FindFirstFileW.KERNEL32(?,-00000268,00000000,?,00000000), ref: 00B66617
Similarity
  • API ID: Find$FileFirst$CloseH_prolog
  • String ID:
  • API String ID: 3371352514-0
  • Opcode ID: 579d65a28f991b897bde1ce0a74ec0f2eaebe76e7a97da92ba220d2195cc69e6
  • Instruction ID: 6b63217060e80e55eec5b48c344a0b303e38a3bdb7e2b03a7481dc3b6fefb2a3
  • Opcode Fuzzy Hash: 579d65a28f991b897bde1ce0a74ec0f2eaebe76e7a97da92ba220d2195cc69e6
  • Instruction Fuzzy Hash: 2511863180020AAFCB10EF64D8566FDB7F9EF54320F1047A9E95167291DB798D85DB40
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BAC892
    • Part of subcall function 00BAC560: __EH_prolog.LIBCMT ref: 00BAC565
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BACD6A
Similarity
  • API ID: H_prolog$ExceptionThrow
  • String ID:
  • API String ID: 2366012087-0
  • Opcode ID: 83fce6e26dcfd4659f2c863535cfbe5e666d6c1267bc6bac87db9acb0f0ad1eb
  • Instruction ID: 61e2618e75f000ae749e1ef034b9700b5a64019ff278b9ee07ad22e4bad76c24
  • Opcode Fuzzy Hash: 83fce6e26dcfd4659f2c863535cfbe5e666d6c1267bc6bac87db9acb0f0ad1eb
  • Instruction Fuzzy Hash: B9325A70908249DFCF15DFA4C590AEDBFF1FF06314F1480A9E859AB252DB31AA55CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B61AEF
  • GetLastError.KERNEL32(00000000,?,00000000,00000000), ref: 00B61B1E
    • Part of subcall function 00B6736B: CloseHandle.KERNEL32(00000000,?,00B672CE,00000002,?,00000000,00000000), ref: 00B67376
Similarity
  • API ID: CloseErrorH_prologHandleLast
  • String ID:
  • API String ID: 2926474838-0
  • Opcode ID: 776fe2c3890ee431f37c495e1bbc7b4b48c97a454c0b86d704e017a09b883ea7
  • Instruction ID: 053a945727f3b8d54910b389ae3e9a41e8573dc0ff644e9c136987606a0ad4da
  • Opcode Fuzzy Hash: 776fe2c3890ee431f37c495e1bbc7b4b48c97a454c0b86d704e017a09b883ea7
  • Instruction Fuzzy Hash: 3D91AF31D00119DACF14EFA8D4919EDB7F5FF55304F2888E9E8526B261EB398D46CB50
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: __aulldiv
  • String ID:
  • API String ID: 3732870572-0
  • Opcode ID: 85913e3f4cb3308c596f24d8ca69a3904edbf797f8c32198884b525cdf9809c6
  • Instruction ID: 9bd349939b0834afe9aef60265b2a20df943f60aed1a5bad2810b7f36d4ab5c1
  • Opcode Fuzzy Hash: 85913e3f4cb3308c596f24d8ca69a3904edbf797f8c32198884b525cdf9809c6
  • Instruction Fuzzy Hash: 8EE16A716043458BC724CF29C881BAABBE5FFE8314F14896EF8598B355D730E945CB91
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID: @
  • API String ID: 0-2766056989
  • Opcode ID: 9c08d11c021c4da0b5b8bc749e12937abe4e10c6bf4aed09d3703dd665357c65
  • Instruction ID: 8907a54f3405640e2f7d6588d13da0cf2a6682341a9d9730a085127b51be50f7
  • Opcode Fuzzy Hash: 9c08d11c021c4da0b5b8bc749e12937abe4e10c6bf4aed09d3703dd665357c65
  • Instruction Fuzzy Hash: E21208B29083158FC358DF4AD44045BF7E2BFC8714F1A8A6EE898A7311D770E9568BC6
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID: @
  • API String ID: 0-2766056989
  • Opcode ID: 08b9f8a5d95f58867db49acfea9b15dafda3a78d7a7d0d3ea48663fb4db13f0c
  • Instruction ID: 22473f3723aa90ea3cf3301d9f4a6e82d1b8aca44ca57fc7f597d08da7d5ff25
  • Opcode Fuzzy Hash: 08b9f8a5d95f58867db49acfea9b15dafda3a78d7a7d0d3ea48663fb4db13f0c
  • Instruction Fuzzy Hash: 69D13D729083148FC758DF4AD84045BF7E2BFC8314F1A892EF899A7315DB70A9568BC6
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00B69810: GetCurrentProcess.KERNEL32(?,?,00B69831), ref: 00B69815
    • Part of subcall function 00B69810: GetProcessAffinityMask.KERNEL32(00000000), ref: 00B6981C
  • GetSystemInfo.KERNEL32(?), ref: 00B69847
Similarity
  • API ID: Process$AffinityCurrentInfoMaskSystem
  • String ID:
  • API String ID: 3251479945-0
  • Opcode ID: e3f7ac53f5692ef6052c89741baf7f9ee62a5e3cf3b0a8308a23ec0624f3ca0d
  • Instruction ID: 8230dcc8be485e80f770ae7a8f1f51fe588fd7adb3091916147e589a3915676e
  • Opcode Fuzzy Hash: e3f7ac53f5692ef6052c89741baf7f9ee62a5e3cf3b0a8308a23ec0624f3ca0d
  • Instruction Fuzzy Hash: 8BD05B31E0010A97CF04EBF5D5969ED77FC9E45748F040095D502E3150EB74DE45C751
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetSystemTimeAsFileTime.KERNEL32(?,00B9A7F2,00000000,00000000,759A8E30), ref: 00B6A541
Similarity
  • API ID: Time$FileSystem
  • String ID:
  • API String ID: 2086374402-0
  • Opcode ID: 1fcf8f9241291f9406540ae2bcd7192a802d203564765b838d09d5fa41874211
  • Instruction ID: ebc05f25a978c06aa446c5a821135032defc5d60d1e0d7e070d231d8532924cc
  • Opcode Fuzzy Hash: 1fcf8f9241291f9406540ae2bcd7192a802d203564765b838d09d5fa41874211
  • Instruction Fuzzy Hash:
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcpy
  • String ID:
  • API String ID: 3510742995-0
  • Opcode ID: 6f18ee7aea65e8e83a228cca88fccedc51b3ba5f16a6187693b239f8bea897d8
  • Instruction ID: 86935221337caf7e3a7d402dca936a60eee5097a61db253d16469fd244cd52b3
  • Opcode Fuzzy Hash: 6f18ee7aea65e8e83a228cca88fccedc51b3ba5f16a6187693b239f8bea897d8
  • Instruction Fuzzy Hash: 1241B2729047068FDB04DF19C890A7AB3E0FF88718F454A6DE95AA7341E331EE15CB81
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$EnterErrorLastLeaveObjectSingleWait
  • String ID:
  • API String ID: 1001467830-0
  • Opcode ID: acf23858033f062da882275806ba56ff9699fd87b6f7af2d995412dc6e255e85
  • Instruction ID: 0b36ac4e8add51e0cea5e06bb71064fccdfcf5bf8d41afe267935b126195948c
  • Opcode Fuzzy Hash: acf23858033f062da882275806ba56ff9699fd87b6f7af2d995412dc6e255e85
  • Instruction Fuzzy Hash: 6D62E471A483458FCB24CF19C480A2ABBE5FFD8740F148AAEE99987315DB70D945CF92
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: daa92de1816b4c388b9e2590df24f28cf8ea4b406a8d5ae517489f7e1184e5b5
  • Instruction ID: 3288c3da97fe957c6cb438b3e65f7f8022a857af3fd763a029e52439e5580421
  • Opcode Fuzzy Hash: daa92de1816b4c388b9e2590df24f28cf8ea4b406a8d5ae517489f7e1184e5b5
  • Instruction Fuzzy Hash: D1427C71604B068BD728DF29C891BAAB3E2FB84304F444A6DE897C7795E774F985CB40
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: dc8004adaa3259f52bc6ab735d8be8844deca4391a1dba6202427b66ce1407bc
  • Instruction ID: 8e91ec20dcedcdba29f752968d1159ad6c4add8d26dbce29ee05d44ebb232ec9
  • Opcode Fuzzy Hash: dc8004adaa3259f52bc6ab735d8be8844deca4391a1dba6202427b66ce1407bc
  • Instruction Fuzzy Hash: 4402F873A183518BDB18CE19CCC0729B7E3FBD0390F6A4A6DF89647385DAB09946C785
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f4c3878cdf6dda1e5ca36c24f377bc52bcf6993d29949e9196dea34e7f5de905
  • Instruction ID: 3c87d6bf35eb86dba0bc244a53fabf1adc5335f4a93c7379a2e7636350cee8a5
  • Opcode Fuzzy Hash: f4c3878cdf6dda1e5ca36c24f377bc52bcf6993d29949e9196dea34e7f5de905
  • Instruction Fuzzy Hash: D4022572A083118BD708CE2CC490779BBE2FBC5345F140EAEE896E7695D770D889CB95
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: a788fb014de21de7070c2b3d53122e19c4a1232b0c236b55b7052879b2f94ac7
  • Instruction ID: b82d69474d2dd5b9de66143d3015873315e3c5dcc9481bc2458bea614ff5270a
  • Opcode Fuzzy Hash: a788fb014de21de7070c2b3d53122e19c4a1232b0c236b55b7052879b2f94ac7
  • Instruction Fuzzy Hash: BAF17B71604A02DFE358CF24C584BA9F7E1FF88714F14466EE59987A50EB30B965CF81
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 00e1154c1c2d87d72fffb9365c5a32782a552fd4514208c43031cb3a758c6027
  • Instruction ID: 870325bdc6220013229828a59ab6f4f2f61fed3857f315335556cf15fbb41695
  • Opcode Fuzzy Hash: 00e1154c1c2d87d72fffb9365c5a32782a552fd4514208c43031cb3a758c6027
  • Instruction Fuzzy Hash: 6AE1A2768043DA4FD358EF9CECD15367BA1EF88310F4A457DCA551B293DA38A912DB80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0be95466a501aa6df6135e314a315b2d27713a5a1a3cbbde2114f59cc96eeb67
  • Instruction ID: 2a26b1694effb266787d9671b8914c68d2de933d6e8d73bcdcf352fca43dc034
  • Opcode Fuzzy Hash: 0be95466a501aa6df6135e314a315b2d27713a5a1a3cbbde2114f59cc96eeb67
  • Instruction Fuzzy Hash: 8CB16D72A016118FC750CF2DC8806A4BBA2FBC532977993EDC4958B656D7B2E807CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 459f69cd361159c4675f4e10361265bcaac0e915c2fbf937a5263f1369e5d33e
  • Instruction ID: 9c7b562f767f1c19f5f67ad8ad7b2853cfd8b2188ef9d6ac37377b3ac3b750b4
  • Opcode Fuzzy Hash: 459f69cd361159c4675f4e10361265bcaac0e915c2fbf937a5263f1369e5d33e
  • Instruction Fuzzy Hash: 8DD1B4358583AB4FD394EF9DEC906367762AF84310F49813ACA540F6A7DA38F611D790
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3382a8705438fba20fb1c633477443a8c9fa85f9be51780dad007a6a6618531c
  • Instruction ID: 8c208216b12e3c762d4803420e99956e4854f29a0cfcdc4b3fc3b6e07836f9a0
  • Opcode Fuzzy Hash: 3382a8705438fba20fb1c633477443a8c9fa85f9be51780dad007a6a6618531c
  • Instruction Fuzzy Hash: 7C611EB33082118FD718CF69E580AA6B7E9EB98320B1685BFE145CB361E771DC45CB58
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 482053017e2a7efdb7bc9ab3d96018154e4c77c6c4b2041277a2a90eb64ac0e3
  • Instruction ID: 47fd3b8ed905f2e5b45960a012ad7b27ef9aa61ea3fbebb3402eea298f4e4aea
  • Opcode Fuzzy Hash: 482053017e2a7efdb7bc9ab3d96018154e4c77c6c4b2041277a2a90eb64ac0e3
  • Instruction Fuzzy Hash: BA81F2B2D447298BD710CF88ECC4596B3A1FB88308F0A467DDE591B352D2B9BA15DBD0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 5e9017a1b3daf5dbc3bbc4d00d9ee100adfebc0988ad4a32ef77af03b57092a4
  • Instruction ID: c63e8de7f600bfe7c4d41697773204ea242266e504e14b2f1dea51313035724e
  • Opcode Fuzzy Hash: 5e9017a1b3daf5dbc3bbc4d00d9ee100adfebc0988ad4a32ef77af03b57092a4
  • Instruction Fuzzy Hash: 0AA19D719082498FD729CF18D4A0BAEB7F2FFD4308F14896DE8868B351D735AA55CB41
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 1e144e3ab01ad0c1374fc479d6e69199773169d0809bfde8fbea9fa4d5497ab0
  • Instruction ID: b2bd0b18565b6cb4477f37229b5718710a1e07a91d8508955ac1d33abe2b32b9
  • Opcode Fuzzy Hash: 1e144e3ab01ad0c1374fc479d6e69199773169d0809bfde8fbea9fa4d5497ab0
  • Instruction Fuzzy Hash: D9918EB2C1872A8BD314CF18D88066AB7E0FB88318F45067DED9A97341D739EA55CBC5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6ddd28b9b1dfa2583e8464f99ac8c3cc525c7240c6f85fd775fa31473d4ad4be
  • Instruction ID: cf7cadb6c88122df415dd7c78b85c4746efc7cdf70553934525ce998ab3456dd
  • Opcode Fuzzy Hash: 6ddd28b9b1dfa2583e8464f99ac8c3cc525c7240c6f85fd775fa31473d4ad4be
  • Instruction Fuzzy Hash: 3051BD73E204358AE74CCE28DC6176676D2E788310F4AD2BD9D9BAB2E5CD78985187C0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: e7510d37d1dc4b924ec4f7ba8427fb7a6be5c38a378ebc779dfd7017bf70bacd
  • Instruction ID: ee0ba189feb229b08d505162bfa1996c058308d1b3a7732e197a86efbff35dfd
  • Opcode Fuzzy Hash: e7510d37d1dc4b924ec4f7ba8427fb7a6be5c38a378ebc779dfd7017bf70bacd
  • Instruction Fuzzy Hash: 69519072F40609ABDF08CE98D9856ADB7F2EB98304F2481ADD125E7381DB74DB41CB50
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3706a3fcd2113ee5f06ab3bc9fe8b983cc2b1c89dac95b2b06fb754bd769e623
  • Instruction ID: b415f5c64a9e2512b65927d137b733eed08a8dd364c18245b6179f19e7de31c0
  • Opcode Fuzzy Hash: 3706a3fcd2113ee5f06ab3bc9fe8b983cc2b1c89dac95b2b06fb754bd769e623
  • Instruction Fuzzy Hash: 5941B132F106600AB3488E669CC16666BD3DBC9352B49C27DD5A5CB6D9D9BDC40382A0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
  • Instruction ID: f90e8abff0a1865e3c0f6a0fc508c553b5e775d6c37ec3bfbe4382e34196571a
  • Opcode Fuzzy Hash: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
  • Instruction Fuzzy Hash: B13114677B4501138B5CCD2BCC427AF92939BE422670EDF795958CAF55D92CC8124146
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2e506fc7279a820970dcbf9ac392f20d839b71f7c0b8c4e9d2c3673edf14b0ee
  • Instruction ID: e6fb5aa1e455b5f566f45760634f6aba6b2fe4bfeac2f48c99be3657fdcbb809
  • Opcode Fuzzy Hash: 2e506fc7279a820970dcbf9ac392f20d839b71f7c0b8c4e9d2c3673edf14b0ee
  • Instruction Fuzzy Hash: 68314673500A050FF620C9298D983F66AD3DBD2364F1A87F8D956873ECCAF0DE068144
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 9e60619b53f5733759f851c7e89353584e6ca2cea002716f3001e8b4c6fadb46
  • Instruction ID: 8108e8a259576395cd004703df1eddd548305f36b4772efe2859fdf92b4f5f20
  • Opcode Fuzzy Hash: 9e60619b53f5733759f851c7e89353584e6ca2cea002716f3001e8b4c6fadb46
  • Instruction Fuzzy Hash: D33109B3900A054BF630C519CD853F66AD3DBF2370F1A87A5CD56976E8CAF1AD428144
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d7beadfe189e12e727855fcdaba4f9e5d63109d79e10011f30978218891d1dfa
  • Instruction ID: d25264f77e10f72b618fbd9a8be34d17be4050796ec16bf5aa8947549aa519cf
  • Opcode Fuzzy Hash: d7beadfe189e12e727855fcdaba4f9e5d63109d79e10011f30978218891d1dfa
  • Instruction Fuzzy Hash: 49218E376A095B4BD70C8A28DC73AB922C0E745305F4966BDE95BCB3D1DF6CC940C648
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 50c5f82647b921db71506163ed101340ec0fbc2a297409ef2050032f9cb45660
  • Instruction ID: 58d04dc85dbce9709b669b77aeb72bd2499ceaa11bb677ab78738fb05a5bf7da
  • Opcode Fuzzy Hash: 50c5f82647b921db71506163ed101340ec0fbc2a297409ef2050032f9cb45660
  • Instruction Fuzzy Hash: 72212B79A083A707E3105E69CCC0775B7E2EBC1301F0D85BED955CF686E1799982D360
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2f6c02fb19c880906673f7e2ee61692b55198f776a78d908325c4e40f91ba080
  • Instruction ID: 0004905dc95abe539b272d66e73ea3ea06d2e32a47124789b5aaa7f7c0e96dd7
  • Opcode Fuzzy Hash: 2f6c02fb19c880906673f7e2ee61692b55198f776a78d908325c4e40f91ba080
  • Instruction Fuzzy Hash: 3D21457291046587C705CF2DF888A77F3E1FFE431DF638A2AD9828B280D624D800D6A0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
  • Instruction ID: fdbf264bff128949d0991c7eab51bc467573b757207f985ec54d02e1a8c02a37
  • Opcode Fuzzy Hash: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
  • Instruction Fuzzy Hash: AF2124326012548BC701EF6AD88469BB3E2FFD8365F67C67EED8147244C631EA068690
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f18cd9d9e139bd055bb212acf8773c3fe54c7ac8df6eb17b1ef3fe2716829738
  • Instruction ID: e74681910a92fd99e291f9ba3db1bddc37ee7d55d9957c623508f257eec115e7
  • Opcode Fuzzy Hash: f18cd9d9e139bd055bb212acf8773c3fe54c7ac8df6eb17b1ef3fe2716829738
  • Instruction Fuzzy Hash: C6218177320A0647E74C8A38D83737521D0A705318F98666DE96BCE2C2D73AC457C344
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 796fa06eff2f49fc444fcc1adb98cbeaf3cf90a2c747341278c1d966553bae6f
  • Instruction ID: 934ea00cbbed44ed2bae9ee9ce6b5cb564ebf3751b37ae2f3e4af7b11d15f29f
  • Opcode Fuzzy Hash: 796fa06eff2f49fc444fcc1adb98cbeaf3cf90a2c747341278c1d966553bae6f
  • Instruction Fuzzy Hash: 4901DE6529668989E781DA7DD890748FEC0F756302F9CC3E8E0C8DFB42D999C54BC3A1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b8de0586c271a62662545cbcc3a7a3f305336ecaaee466a7150af84251bbb2fa
  • Instruction ID: 89c96755f4595bc90cda808424b70a3308dfb4c64ee472c68fcbc8688d7143e6
  • Opcode Fuzzy Hash: b8de0586c271a62662545cbcc3a7a3f305336ecaaee466a7150af84251bbb2fa
  • Instruction Fuzzy Hash: 9901AD7291462A57DB289F08CC41132B390FB84312F49823ADD469B385E634F970C6C4
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d8b2ce9af6ca23b39d287f27f794cd19cdb7301d321a8ca7d0b17b1edfa8364a
  • Instruction ID: afd501ae1cde35a204afbc1f9b5508be4c3a63a59f2c6c69ed49e9e11c1247c8
  • Opcode Fuzzy Hash: d8b2ce9af6ca23b39d287f27f794cd19cdb7301d321a8ca7d0b17b1edfa8364a
  • Instruction Fuzzy Hash: 23C080A711810027C716D92595D0BAAE6A37350330F158C7E9051D3E43C224C0658111
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BAB98E
    • Part of subcall function 00BAB088: _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BAB0AB
  • memcpy.MSVCRT ref: 00BABD80
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE1C
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE30
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE44
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE58
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE6C
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE80
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABE94
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABEA8
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABEBC
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABED0
  • _CxxThrowException.MSVCRT(?,00BE8128), ref: 00BABEE4
    • Part of subcall function 00BAAEB1: _CxxThrowException.MSVCRT(?,00BE80E8), ref: 00BAAEC4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ExceptionThrow$H_prologmemcpy
  • String ID: $!$@
  • API String ID: 3273695820-2517134481
  • Opcode ID: 1faf276a0cb9d6866c1f5e44a533d09405334322ad9437503fea3c70ef0ff2ca
  • Instruction ID: 45fd8108fca77adc55f6c31f2c45d650ae010dbb460a1664b34cfd74c029c51a
  • Opcode Fuzzy Hash: 1faf276a0cb9d6866c1f5e44a533d09405334322ad9437503fea3c70ef0ff2ca
  • Instruction Fuzzy Hash: 6F122B7490924AEFCF14DFA4C891DADBBF1FF0A310F1484A9E855AB652DB30A945CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9A4E4
  • fputs.MSVCRT ref: 00B9A54E
    • Part of subcall function 00B62221: fputs.MSVCRT ref: 00B6223B
  • fputs.MSVCRT ref: 00B9A51F
    • Part of subcall function 00B9A711: __EH_prolog.LIBCMT ref: 00B9A716
    • Part of subcall function 00B9A711: fputs.MSVCRT ref: 00B9A73F
    • Part of subcall function 00B9A711: fputs.MSVCRT ref: 00B9A783
  • fputs.MSVCRT ref: 00B9A5D1
  • fputs.MSVCRT ref: 00B9A5F0
  • fputs.MSVCRT ref: 00B9A619
  • fputs.MSVCRT ref: 00B9A62C
  • fputc.MSVCRT ref: 00B9A639
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prologfputc
  • String ID: Error:$ file$Scan WARNINGS for files and folders:$Scan WARNINGS: $WARNING: Cannot open $WARNINGS for files:
  • API String ID: 3294964263-2840245699
  • Opcode ID: fcfbe8ed46954ef8b712d84724928c5e51284e23be0ba0395723c88240460ed8
  • Instruction ID: 6736942ab75b4a3fd5fd9e310b4284554a09a94b92a640ebacb58f9af78b83ba
  • Opcode Fuzzy Hash: fcfbe8ed46954ef8b712d84724928c5e51284e23be0ba0395723c88240460ed8
  • Instruction Fuzzy Hash: 63519F31A002059FCF19EF94D892AADB7F5EF44701F2804FEE4056A292DF759E44CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 5e651106a7780d76bf61d9617c669c98fae3888d064c8017de44a599127becda
  • Instruction ID: b735b983ad2d33c1f54071e95ad7dae3171dccc27e7b16714cc1b413b53468f1
  • Opcode Fuzzy Hash: 5e651106a7780d76bf61d9617c669c98fae3888d064c8017de44a599127becda
  • Instruction Fuzzy Hash: FB914C72600611ABD7209A21CC41FAB77F8EFA5750F0444E9FD4ADB216FB24BE84CB95
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B96E46
  • fputs.MSVCRT ref: 00B96E7C
    • Part of subcall function 00B97170: __EH_prolog.LIBCMT ref: 00B97175
    • Part of subcall function 00B97170: fputs.MSVCRT ref: 00B9718A
    • Part of subcall function 00B97170: fputs.MSVCRT ref: 00B97193
  • fputs.MSVCRT ref: 00B96EA9
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
    • Part of subcall function 00B69312: VariantClear.OLEAUT32(?), ref: 00B69334
  • SysFreeString.OLEAUT32(00000000), ref: 00B96FD9
  • fputs.MSVCRT ref: 00B96FFC
  • SysFreeString.OLEAUT32(00000000), ref: 00B97096
  • SysFreeString.OLEAUT32(00000000), ref: 00B970E0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$FreeString$H_prolog$ClearVariantfputc
  • String ID: --$----$Path$Type$Warning: The archive is open with offset
  • API String ID: 2889736305-3797937567
  • Opcode ID: 76e3fefe9e9492391c46c0c29e9dfbdadd02c747cddee9c3b1e87bdab7c23695
  • Instruction ID: b74cbdcdb8885e1a86f65585f00763ca4b735de9af4a561ce00586bcf917b04f
  • Opcode Fuzzy Hash: 76e3fefe9e9492391c46c0c29e9dfbdadd02c747cddee9c3b1e87bdab7c23695
  • Instruction Fuzzy Hash: 31915871A14205EFDF14DFA4C995EAEBBF5FF48310F2041AAE416A7291EB70AD05CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B71D66
  • OpenFileMappingW.KERNEL32(00000004,00000000,00000002,?,?,?,00000000,?), ref: 00B71E2A
  • GetLastError.KERNEL32(?,?,00000000,?), ref: 00B71E37
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorFileH_prologLastMappingOpen
  • String ID: Cannot open mapping$Map data error$MapViewOfFile error$Unsupported Map data$Unsupported Map data size
  • API String ID: 2221086200-2628113885
  • Opcode ID: 9a1bac63a35b340d0809b531230bf1a2a0a3acdb5a98043bc760b1ba81f89fce
  • Instruction ID: 60234358cca060c8294f191814d9515ed3087d1ed6d9b34aa1a350e7338847c8
  • Opcode Fuzzy Hash: 9a1bac63a35b340d0809b531230bf1a2a0a3acdb5a98043bc760b1ba81f89fce
  • Instruction Fuzzy Hash: 7A516A7180111AEECB00EBACD885AEDB7F5EF14304F1488E9E829B7251DB715E45CB71
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B94865
  • fputs.MSVCRT ref: 00B94882
  • fputs.MSVCRT ref: 00B9488B
    • Part of subcall function 00B62163: __EH_prolog.LIBCMT ref: 00B62168
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
  • fputs.MSVCRT ref: 00B948D1
  • fputs.MSVCRT ref: 00B948DA
  • fputs.MSVCRT ref: 00B948E1
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
  • fputs.MSVCRT ref: 00B94913
  • fputs.MSVCRT ref: 00B9491C
  • fputs.MSVCRT ref: 00B94924
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog$fputcfree
  • String ID: Modified: $Path: $Size:
  • API String ID: 2632947726-3207571042
  • Opcode ID: 1e8e654a8424dcf675eba34e95c6da966ad4a08cba85d025e40460fbc5bdc0e9
  • Instruction ID: ecf1065f7fd3e8c04aa581db5a938de70836ff6d08bfb5c44f1ba19ef7410dc5
  • Opcode Fuzzy Hash: 1e8e654a8424dcf675eba34e95c6da966ad4a08cba85d025e40460fbc5bdc0e9
  • Instruction Fuzzy Hash: B5218331A00115ABCF05ABE5DCD2EAEBFA6FF44354F1440A6F804661A1FF355861EF90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: @$data:
  • API String ID: 2614055831-1130426132
  • Opcode ID: fb3513284f87b8a442c42724ca2c199281f0d78cfef47de67dc43ae3e8201f55
  • Instruction ID: 28dbef63e3fb4be54c6710b52c552737bfeb0e7a3c6ae1d1d8a32d7781f2c157
  • Opcode Fuzzy Hash: fb3513284f87b8a442c42724ca2c199281f0d78cfef47de67dc43ae3e8201f55
  • Instruction Fuzzy Hash: ECD1C37190020AEFCF15DFA4C990AEEB7F5FF18304F2444AAE446A7291EB34AD04CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: $ $.$:mem$Delta$LZMA$LZMA2$o
  • API String ID: 3519838083-3806607069
  • Opcode ID: 6967c505dc2ef376f1a6897c486d771a3993e206dd260ecbf714d6221a0ed4f4
  • Instruction ID: 4707f00a3c636f6f0f9a308ba73fb087c4af2d204e2c372093368d108670c8e6
  • Opcode Fuzzy Hash: 6967c505dc2ef376f1a6897c486d771a3993e206dd260ecbf714d6221a0ed4f4
  • Instruction Fuzzy Hash: 35D1D031D082598ACF21CFA8C8946EEBBF2FF1A304F2441AAD456AB651EB715D05CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B66231
  • GetCurrentThreadId.KERNEL32 ref: 00B66241
  • GetTickCount.KERNEL32 ref: 00B6624C
  • GetCurrentProcessId.KERNEL32(?,?,00000000), ref: 00B66257
  • GetTickCount.KERNEL32 ref: 00B662B1
  • SetLastError.KERNEL32(000000B7,?,?,?,?,00000000), ref: 00B662FE
  • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00B66325
    • Part of subcall function 00B65A99: __EH_prolog.LIBCMT ref: 00B65A9E
    • Part of subcall function 00B65A99: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,?,?,00000000), ref: 00B65AC0
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CountCurrentErrorH_prologLastTick$CreateDirectoryProcessThreadfree
  • String ID: .tmp$d
  • API String ID: 1989517917-2797371523
  • Opcode ID: c64197456a70687bce9a3c4e38b8499b75a90ef91289cca41ad88d65f74602f0
  • Instruction ID: 88bc84b30120395e747432e15374d2a78d224f88af394f27e7c283e6703b957b
  • Opcode Fuzzy Hash: c64197456a70687bce9a3c4e38b8499b75a90ef91289cca41ad88d65f74602f0
  • Instruction Fuzzy Hash: 7D410232911225EBDF14ABA8DC6A7EDB7F1FF55315F1401AAE402B72A1DB3C8801CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$fputc$__aulldiv
  • String ID: Time =$Kernel
  • API String ID: 3602660170-1750218609
  • Opcode ID: 8322702db7d2de7cde80a4d50ca2ec3032a4fea9b4ffdfcf37b6490386fa0c80
  • Instruction ID: 150500a7b86d752b1c3a2df539f38ed4720d2ea74742085f7f58d6330055b18d
  • Opcode Fuzzy Hash: 8322702db7d2de7cde80a4d50ca2ec3032a4fea9b4ffdfcf37b6490386fa0c80
  • Instruction Fuzzy Hash: 4F31C731500254BFEF15AF98DC42F9E77E5EF48720F1580AAF908AF290DA719D508B95
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetCurrentProcessId.KERNEL32(?,00BEA8F8), ref: 00BBADBA
    • Part of subcall function 00BCEF30: memcpy.MSVCRT ref: 00BCEF5F
  • GetCurrentThreadId.KERNEL32 ref: 00BBADD3
    • Part of subcall function 00BCEF30: memcpy.MSVCRT ref: 00BCEF7B
    • Part of subcall function 00BCEF30: memcpy.MSVCRT ref: 00BCEFB0
  • LoadLibraryW.KERNEL32(advapi32.dll,00000004,?,00BEA8F8), ref: 00BBADF1
  • GetProcAddress.KERNEL32(00000000,SystemFunction036), ref: 00BBAE03
  • FreeLibrary.KERNEL32(00000000,?,00BEA8F8), ref: 00BBAE35
  • QueryPerformanceCounter.KERNEL32(?,?,00BEA8F8), ref: 00BBAE46
  • GetTickCount.KERNEL32 ref: 00BBAE5F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcpy$CurrentLibrary$AddressCountCounterFreeLoadPerformanceProcProcessQueryThreadTick
  • String ID: SystemFunction036$advapi32.dll
  • API String ID: 3940253874-1354007664
  • Opcode ID: dc7d28889b666b89380fd7137d75ca53bbd2f2311ec223c4046a98fd94bc1587
  • Instruction ID: 6021c2c943c97a7893c41db6a4f77d9b32650077e99449439ba2bd7c699f99f3
  • Opcode Fuzzy Hash: dc7d28889b666b89380fd7137d75ca53bbd2f2311ec223c4046a98fd94bc1587
  • Instruction Fuzzy Hash: 2A318B306143069BE310EB20E855FAAB3E4FBD4704F104D5DF69567195EE74DA09CBA3
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: $ MB$ Memory =
  • API String ID: 2614055831-2616823926
  • Opcode ID: 9b1b3e918c36dcd5546a59b7a9e9a0f0a809ffb28a20ab33456b1efad5810151
  • Instruction ID: 9fd7137da34b0e22847a592dc719d9f13f4721397de2e10b1a6c28adcb86132c
  • Opcode Fuzzy Hash: 9b1b3e918c36dcd5546a59b7a9e9a0f0a809ffb28a20ab33456b1efad5810151
  • Instruction Fuzzy Hash: 1F11A772A00205AFDB05AB98DC82E6DBFF5EF84720F244067F504572A0EA756955CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs
  • String ID: : Cannot open the file as [$ERROR$Open $WARNING$] archive
  • API String ID: 1795875747-657955069
  • Opcode ID: 2b81cb15db3bbfad7f0bad22d9c84b336c84dafbc4007d5efbb5378a6f96d9c8
  • Instruction ID: e94d80a4719e2126a931594b94afead30f729a30121a1b1e8c39427877fad53a
  • Opcode Fuzzy Hash: 2b81cb15db3bbfad7f0bad22d9c84b336c84dafbc4007d5efbb5378a6f96d9c8
  • Instruction Fuzzy Hash: E2F082326451197B8A1167996C85D6EFFDADF857A0B1400A7F90443392FF611820DB65
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9514A
  • fputs.MSVCRT ref: 00B9524B
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
  • fputs.MSVCRT ref: 00B95333
  • fputs.MSVCRT ref: 00B9544B
  • fputs.MSVCRT ref: 00B9549A
    • Part of subcall function 00B61FDA: fflush.MSVCRT ref: 00B61FDC
    • Part of subcall function 00B61FFC: __EH_prolog.LIBCMT ref: 00B62001
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog$fflushfree
  • String ID: Can't allocate required memory$ERRORS:$WARNINGS:
  • API String ID: 1750297421-1898165966
  • Opcode ID: ba548aeff1dbdb0928f901bbde079481e2423762c597ee4a0b62a229b1132c36
  • Instruction ID: f739281d54ae1c654c5377c75897b52e99369ed94bef5b369778350617ad1f3c
  • Opcode Fuzzy Hash: ba548aeff1dbdb0928f901bbde079481e2423762c597ee4a0b62a229b1132c36
  • Instruction Fuzzy Hash: 5CB16A30601B059FDF39EF64C9A1BAAB7E1FF44304F1489BDE55A57292CB74A844CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B8DAEC
    • Part of subcall function 00B74152: __EH_prolog.LIBCMT ref: 00B74157
    • Part of subcall function 00B67F5C: __EH_prolog.LIBCMT ref: 00B67F61
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$free
  • String ID: : $ : MINOR_ERROR$...$Junction: $Link: $REPARSE:$WSL:
  • API String ID: 2654054672-3981964144
  • Opcode ID: bdd40749f369a02b723ff776cf0003821c87424513bca0f35e38873e404c0133
  • Instruction ID: ea3c5c4840bed574e2ef6dd83a6bc267528ebe03abbacccebe94fc2cc53ec05e
  • Opcode Fuzzy Hash: bdd40749f369a02b723ff776cf0003821c87424513bca0f35e38873e404c0133
  • Instruction Fuzzy Hash: BA51E371A14158ABCF10FB94C891ABDBBF5EF95700F0440DBE802BB2E1DB789A45DB51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B95557
  • EnterCriticalSection.KERNEL32(00BEA878), ref: 00B9556D
  • fputs.MSVCRT ref: 00B955F7
  • LeaveCriticalSection.KERNEL32(00BEA878), ref: 00B95730
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
  • fputs.MSVCRT ref: 00B9563D
    • Part of subcall function 00B6224A: fputs.MSVCRT ref: 00B62267
  • fputs.MSVCRT ref: 00B956C5
  • fputs.MSVCRT ref: 00B956E2
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$CriticalSection$EnterH_prologLeavefputc
  • String ID: Sub items Errors:
  • API String ID: 2670240366-2637271492
  • Opcode ID: 49ee6569428c4f6daa3da963a47fa68cd46d749e46b7ffd8d27c93d39cae60f8
  • Instruction ID: 1d868f1c39aa6524e51e99b0d508d845db0ef0cdcad0e70f06ffca876ea4c064
  • Opcode Fuzzy Hash: 49ee6569428c4f6daa3da963a47fa68cd46d749e46b7ffd8d27c93d39cae60f8
  • Instruction Fuzzy Hash: 1E51BC32541A00DFCB36AFA4D8A5AA9B7E2FF84310F5488AEE15B97261DB347C44CF50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7585C
    • Part of subcall function 00B73A8B: __EH_prolog.LIBCMT ref: 00B73A90
    • Part of subcall function 00B67B17: __EH_prolog.LIBCMT ref: 00B67B1C
Strings
  • Dangerous symbolic link path was ignored, xrefs: 00B759C4
  • Internal error for symbolic link file, xrefs: 00B75A4C
  • Cannot fill link data, xrefs: 00B75A17
  • Incorrect path, xrefs: 00B7593F
  • Empty link, xrefs: 00B7591A
  • Dangerous link path was ignored, xrefs: 00B758DE
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: Cannot fill link data$Dangerous link path was ignored$Dangerous symbolic link path was ignored$Empty link$Incorrect path$Internal error for symbolic link file
  • API String ID: 3519838083-3151419218
  • Opcode ID: 2c79ab883caf03701a14dfc4073f90a0dd6b10e523494a82d5145ca1850c5c9a
  • Instruction ID: a2cb8db87e0503e41a1eeb698561e471700df8ae29f8d91561c5d60a0e1c83e9
  • Opcode Fuzzy Hash: 2c79ab883caf03701a14dfc4073f90a0dd6b10e523494a82d5145ca1850c5c9a
  • Instruction Fuzzy Hash: D071E271900649EFCF21EBA0C8929EEBBF5EF14310F14C1E9E46973251DB755A08DB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00B69876
  • GetProcAddress.KERNEL32(00000000), ref: 00B6987D
  • GlobalMemoryStatus.KERNEL32(?), ref: 00B698BD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressGlobalHandleMemoryModuleProcStatus
  • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
  • API String ID: 2450578220-802862622
  • Opcode ID: b6b25361a5b3a93fc3d3497cebc89996340d88fb73b50a21256bfc53940f533d
  • Instruction ID: 8fa2e69098778249362d0966b2bf51ba9cd67d1d6160e9d219a69c938b09d3ee
  • Opcode Fuzzy Hash: b6b25361a5b3a93fc3d3497cebc89996340d88fb73b50a21256bfc53940f533d
  • Instruction Fuzzy Hash: A511577090130AEBDB24DFA0D889BADBBF9FF05341F104859E442A7284E778A884CB64
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 3deed55721e4daa732e6d91069ae110da1681ede5042b26bd0411ed5427c496d
  • Instruction ID: 1608e7671e210b38a89cd99890e8bed51602d4f8fae9f950fd05aa0d209a8bdc
  • Opcode Fuzzy Hash: 3deed55721e4daa732e6d91069ae110da1681ede5042b26bd0411ed5427c496d
  • Instruction Fuzzy Hash: C031A2B1A402067BDB149B20CC82FBA73E9DB90794F0145FAFC4A9A256F661EE00D694
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B83956
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologfree
  • String ID: -----$-----BEGIN PGP SIGNED MESSAGE$Hash: $cksum
  • API String ID: 1978129608-4104380264
  • Opcode ID: 2e5ce5bc778181920f821a6fbf237ae181931e1b9af9c3ed9de0094ecedaa70d
  • Instruction ID: 6386b724f876cc234e33bcf3f0355b695f2de00511cb40e69db659777e5e06cb
  • Opcode Fuzzy Hash: 2e5ce5bc778181920f821a6fbf237ae181931e1b9af9c3ed9de0094ecedaa70d
  • Instruction Fuzzy Hash: 32B1BF71904288AECF11EFA4C491BEEBBF1AF15B04F1444DDE486772A2CB759B49CB21
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B72000
    • Part of subcall function 00B80B3C: __EH_prolog.LIBCMT ref: 00B80B41
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B721E1
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B721FE
  • __EH_prolog.LIBCMT ref: 00B72208
Strings
  • zero size last volume is not allowed, xrefs: 00B721E8
  • Incorrect volume size:, xrefs: 00B721CE
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrow
  • String ID: Incorrect volume size:$zero size last volume is not allowed
  • API String ID: 2366012087-998621408
  • Opcode ID: 1cbf498f54f6303a51ae5fc6eeb67d056b964e8fdc7e2d9ad438a3977d76b024
  • Instruction ID: c88c0352d7cac15c9c5824a4d5dd4c60835bf358849803c788fcb7f5b6f54de4
  • Opcode Fuzzy Hash: 1cbf498f54f6303a51ae5fc6eeb67d056b964e8fdc7e2d9ad438a3977d76b024
  • Instruction Fuzzy Hash: 9C718C31904645DFDB18EFA4C485BEDB7F1FF04300F5484E9E9596B292CB74AA48CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: Incorrect switch postfix:$Multiple instances for switch:$Too long switch:$Too short switch:$Unknown switch:
  • API String ID: 3519838083-2104980125
  • Opcode ID: 135bda294d5c65c5deb0c32bb5dafdbc99728f7b81f535e69abad62d9a1094ec
  • Instruction ID: 0aa34b57e8389a47652da062d816f426972eba02b09717d5fd9114bbd0911e97
  • Opcode Fuzzy Hash: 135bda294d5c65c5deb0c32bb5dafdbc99728f7b81f535e69abad62d9a1094ec
  • Instruction Fuzzy Hash: 0551BD30A0024AEBCF14DF58C590AADBBF1FF51314F1889DAE4169B692D738EA41CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9608E
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologfputs
  • String ID: Alternate streams$Alternate streams size$Files$Folders$Size
  • API String ID: 1798449854-232602582
  • Opcode ID: 637ea359ffbf98f454b27b4f4b908baf40654001d500cf47da378dafff5bc080
  • Instruction ID: 9f9f194a564944dfcab127c61434523fc5379b58eb032868593a0850cebe87c5
  • Opcode Fuzzy Hash: 637ea359ffbf98f454b27b4f4b908baf40654001d500cf47da378dafff5bc080
  • Instruction Fuzzy Hash: 23319031700701AFDF39AB61C982FAAFBE6EF84310F0446AEF45652691DB70A855CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • EnterCriticalSection.KERNEL32(00BEA878), ref: 00B9470B
  • fputs.MSVCRT ref: 00B9474A
  • fputs.MSVCRT ref: 00B9476F
  • LeaveCriticalSection.KERNEL32(00BEA878), ref: 00B9480B
Strings
  • with the file from archive:, xrefs: 00B9476A
  • Would you like to replace the existing file:, xrefs: 00B94745
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSectionfputs$EnterLeave
  • String ID: Would you like to replace the existing file:$with the file from archive:
  • API String ID: 3346953513-686978020
  • Opcode ID: 140479bfc951bff14c65d09315c979f530ddba20fdf0a1e44c8f9e6ce523df85
  • Instruction ID: de26d690bc2f10e64c00513ff9d201b152eed6b51907a0922ac94893c7e6b40f
  • Opcode Fuzzy Hash: 140479bfc951bff14c65d09315c979f530ddba20fdf0a1e44c8f9e6ce523df85
  • Instruction Fuzzy Hash: 3031C135201208DBDF11DFA4DC81FAA77E5EF4A310F1241EAF81A97250CB38AC52CB65
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologfputs
  • String ID: Cannot open the file$The archive is open with offset$The file is open$WARNING:
  • API String ID: 1798449854-1259944392
  • Opcode ID: 6c21b9abfad9fb2d899f4e88e0596f29dc72d5bff2f1f1633ad64a0e2108b6d4
  • Instruction ID: c929ef1fc845c451828f1acee3bd7b5651bb1473fc14e828b2efc93db9aaabbb
  • Opcode Fuzzy Hash: 6c21b9abfad9fb2d899f4e88e0596f29dc72d5bff2f1f1633ad64a0e2108b6d4
  • Instruction Fuzzy Hash: 2C217F32A00A01AFCF15EB68C492AAEB7F5FF54310F0444BAE502A7791DB74ED45CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • fputs.MSVCRT ref: 00B9CCD7
    • Part of subcall function 00B61FDA: fflush.MSVCRT ref: 00B61FDC
  • GetStdHandle.KERNEL32(000000F6), ref: 00B9CCE9
  • GetConsoleMode.KERNEL32(00000000,00000000), ref: 00B9CD0B
  • SetConsoleMode.KERNEL32(00000000,00000000), ref: 00B9CD1C
  • SetConsoleMode.KERNEL32(00000000,00000000), ref: 00B9CD3C
Strings
  • Enter password (will not be echoed):, xrefs: 00B9CCD2
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ConsoleMode$Handlefflushfputs
  • String ID: Enter password (will not be echoed):
  • API String ID: 108775803-3720017889
  • Opcode ID: 8397ea1919b166f89053a7abe8aea36e69f82c0c9b90a3ea149935698a2d8668
  • Instruction ID: 13d3d6eed9431cc6517989a7bff0fb05e366f8215c95da9f348cb6130c707bf9
  • Opcode Fuzzy Hash: 8397ea1919b166f89053a7abe8aea36e69f82c0c9b90a3ea149935698a2d8668
  • Instruction Fuzzy Hash: 1911A332D05119BBCF11ABA9AC11AAEBFF8EF45720F1441F6E861632A0DF345905CB65
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: crc32$crc64$md5$sha1$sha256
  • API String ID: 3519838083-3826973078
  • Opcode ID: b667e2d3a2e5c59267c142e739685a579639454e24d77305750c95f56f93aba6
  • Instruction ID: c8cf6b2ca8dcca3f9da0ba15570a80365941e67c6f8147195ea5df0f43be7b33
  • Opcode Fuzzy Hash: b667e2d3a2e5c59267c142e739685a579639454e24d77305750c95f56f93aba6
  • Instruction Fuzzy Hash: B111A073E0511696CF14B7949A817EDB3FADBD5325F2841F6E402B32A1DB788E40C7A2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00B66701
  • GetProcAddress.KERNEL32(00000000,FindFirstStreamW), ref: 00B66715
  • GetProcAddress.KERNEL32(00000000,FindNextStreamW), ref: 00B66722
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressProc$HandleModule
  • String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll
  • API String ID: 667068680-4044117955
  • Opcode ID: f966319876c466429c76564e0caeb84b6287f6833144e38374844124ff0a1d32
  • Instruction ID: 8b82f5f877f5bfc817157de89cdeb885913a15571ab14cdbc386681f1f5bed62
  • Opcode Fuzzy Hash: f966319876c466429c76564e0caeb84b6287f6833144e38374844124ff0a1d32
  • Instruction Fuzzy Hash: 04E086716412117B53101B65ACC98B5FFECE5A476131000ABF001E3360EAB818018F61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: __aulldiv$H_prolog
  • String ID: x$x
  • API String ID: 2300968129-177600594
  • Opcode ID: 9043d3a891d48f778093dc540f69929be3b6b9628669b8f63e71c6573e1b4ed2
  • Instruction ID: e3745d42d11f3b595eff9594b696659e03b162efea079f89dfc5b09f8eb9e26e
  • Opcode Fuzzy Hash: 9043d3a891d48f778093dc540f69929be3b6b9628669b8f63e71c6573e1b4ed2
  • Instruction Fuzzy Hash: 17123471900209EFDF24DFA8C881AADBBF5FF48314F2485E9E829AB251DB359D45CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B65C75
  • CreateDirectoryW.KERNEL32(?,00000000,00000000,?,00000000), ref: 00B65C97
  • GetLastError.KERNEL32(?,00000000,00000000,?,00000000), ref: 00B65CA8
  • CreateDirectoryW.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00B65CE3
  • GetLastError.KERNEL32 ref: 00B65CF1
  • GetLastError.KERNEL32(00000000,?,00000000), ref: 00B65D4B
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorLast$CreateDirectory$H_prolog
  • String ID:
  • API String ID: 798237638-0
  • Opcode ID: 1b4e6c9bbaada27dd1a507e41797d390c347527f1d3cfb9dd5bc8afd81cd6be6
  • Instruction ID: 32343c1a72198ad3f38967377856feec9f6f75c7d82763edb797b5b84772d30e
  • Opcode Fuzzy Hash: 1b4e6c9bbaada27dd1a507e41797d390c347527f1d3cfb9dd5bc8afd81cd6be6
  • Instruction Fuzzy Hash: 9E31E131900618AADF20ABA4DC9ABEDB7F5EF11300F1404E8E906771D2DF3D9A95DB50
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: __aulldiv$__aullrem
  • String ID:
  • API String ID: 2022606265-0
  • Opcode ID: 6329fb3b4e3d8ef1cc918d8d491a6fa5370ad761711000448106eccc556a6304
  • Instruction ID: 97df217cc966028d313cba56135c2e338bbb9b244da3e6f14be20f6dae1bcda0
  • Opcode Fuzzy Hash: 6329fb3b4e3d8ef1cc918d8d491a6fa5370ad761711000448106eccc556a6304
  • Instruction Fuzzy Hash: CB21C1B0900219FFDF20AF94DC81DBFBEABEF817A0F2086A9B51462190D2754D60D6A1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B667B6
    • Part of subcall function 00B66581: FindClose.KERNEL32(00000000,?,00B665B9), ref: 00B6658C
  • SetLastError.KERNEL32(00000078,00000000,?,?), ref: 00B667DF
  • SetLastError.KERNEL32(00000000,00000000,?,?), ref: 00B667EB
  • FindFirstStreamW.KERNELBASE(?,00000000,-00000270,00000000), ref: 00B6680C
  • GetLastError.KERNEL32(?,?), ref: 00B66819
  • FindFirstStreamW.KERNELBASE(?,00000000,-00000270,00000000), ref: 00B66855
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorFindLast$FirstStream$CloseH_prolog
  • String ID:
  • API String ID: 1050961465-0
  • Opcode ID: 8060006c8293e085bda657ecaab542123d1e088d397a40310f34f1a087ba3ed3
  • Instruction ID: a07832185049ed78d5213e8fe39b5d16c1b94c3f4dc264115db267825673ee2a
  • Opcode Fuzzy Hash: 8060006c8293e085bda657ecaab542123d1e088d397a40310f34f1a087ba3ed3
  • Instruction Fuzzy Hash: F121B331800206EFCB24AF71D8899BEBBF5FF91310F1442AAE85197190DB394D85DF50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B80626
    • Part of subcall function 00B7EFE3: __EH_prolog.LIBCMT ref: 00B7EFE8
    • Part of subcall function 00B7F3F7: __EH_prolog.LIBCMT ref: 00B7F3FC
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B8072A
    • Part of subcall function 00B8086E: __EH_prolog.LIBCMT ref: 00B80873
Strings
  • Duplicate archive path:, xrefs: 00B80856
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrow
  • String ID: Duplicate archive path:
  • API String ID: 2366012087-4000988232
  • Opcode ID: c1ca9db3cf0e64b0283fbc68d42c3b2c62c642ef23976c6ce7dfbf4d81d79baa
  • Instruction ID: 3e16cd5579f84cfe01935f113e9f3dc968663176e6481959934ac52393784e70
  • Opcode Fuzzy Hash: c1ca9db3cf0e64b0283fbc68d42c3b2c62c642ef23976c6ce7dfbf4d81d79baa
  • Instruction Fuzzy Hash: AC814831D00159DFCF15EBA8D891ADDB7F5EF49310F1440E9E416672A1DB30AE45CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • fputs.MSVCRT ref: 00B9BB03
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
  • fputs.MSVCRT ref: 00B9BC84
    • Part of subcall function 00B61FDA: fflush.MSVCRT ref: 00B61FDC
  • fputs.MSVCRT ref: 00B9BBB6
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
    • Part of subcall function 00B61FFC: __EH_prolog.LIBCMT ref: 00B62001
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prologfflushfputc
  • String ID: ERRORS:$WARNINGS:
  • API String ID: 1876658717-3472301450
  • Opcode ID: b038bed2556d5583b65137ebc1a24a1374e949420139effaef72226bdbb72ee3
  • Instruction ID: 0fb16ec7b758d31279c201adeb930bee6476557d5c93bb8421eb173052e72177
  • Opcode Fuzzy Hash: b038bed2556d5583b65137ebc1a24a1374e949420139effaef72226bdbb72ee3
  • Instruction Fuzzy Hash: 18714C34601705EBDF24EF65E5A5FAAB7E6EF44300F0488BDE85A472A1DF34A840CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • DeviceIoControl.KERNEL32(00000000,00074004,00000000,00000000,00000000,00000020,00000000,00000000), ref: 00B67682
  • DeviceIoControl.KERNEL32(00000002,000700A0,00000000,00000000,?,00000028,00000000,00000000), ref: 00B67725
  • DeviceIoControl.KERNEL32(00000002,00070000,00000000,00000000,00000000,00000018,00000000,00000000), ref: 00B67755
  • DeviceIoControl.KERNEL32(00000002,0002404C,00000000,00000000,00000000,00000018,00000000,00000000), ref: 00B67777
    • Part of subcall function 00B68F71: GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,74DEF5D0,00000002,00000000,?,?,?,?,?,?,00B676EF,00B61B1A,00B6785D,?,00000002), ref: 00B68F8D
    • Part of subcall function 00B68F71: GetProcAddress.KERNEL32(00000000), ref: 00B68F94
    • Part of subcall function 00B68F71: GetDiskFreeSpaceW.KERNEL32(00000002,?,00B6785D,00B676EF,00B61B1A,?,?,?,?,?,?,00B676EF,00B61B1A,00B6785D,?,00000002), ref: 00B68FE4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ControlDevice$AddressDiskFreeHandleModuleProcSpace
  • String ID: :
  • API String ID: 4250411929-336475711
  • Opcode ID: c71d29b9e872d8b0f4f4a8cf22e4f9551dad33b66f74a3c9a39cd38b2424b6fa
  • Instruction ID: 6bdc9129955a700eb2b1eda3398fddc98baf3aac248580d53ec5a25554fc98b5
  • Opcode Fuzzy Hash: c71d29b9e872d8b0f4f4a8cf22e4f9551dad33b66f74a3c9a39cd38b2424b6fa
  • Instruction Fuzzy Hash: 365183B5948348AEDB21DFA4C840DEABBFCEF18308F05C499F55597251EA35AD84CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B69C54
    • Part of subcall function 00B6976D: RegCloseKey.ADVAPI32(?,?,00B69763), ref: 00B69779
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CloseH_prolog
  • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$Previous Update Revision$Update Revision$x86
  • API String ID: 1579395594-270022386
  • Opcode ID: fe9d8f75332dd475f02bdaee3af4ce9ec64663c2ae3fe324f116b50a3f6d5fa8
  • Instruction ID: 21a9b7739b6a4c6f21d5ea015247f680f9c6016dd3952649057c48e3ba2d4ba9
  • Opcode Fuzzy Hash: fe9d8f75332dd475f02bdaee3af4ce9ec64663c2ae3fe324f116b50a3f6d5fa8
  • Instruction Fuzzy Hash: 17518F71E00209EFCB14EF94C8929AEB7F9EF18300F1084BDE115A7291DB789D05CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B69A3D
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologfree
  • String ID: act:$ cpus:$ gran:$ page:
  • API String ID: 1978129608-454015223
  • Opcode ID: 7d971deaf450c99f5258071af2c242e58e2926c60ba36a825f0c671a608c3ab6
  • Instruction ID: 7f151e217a6d16d0aa51abbb5251b1adfa71fe7f5956f79f20a48e84ccf86eb2
  • Opcode Fuzzy Hash: 7d971deaf450c99f5258071af2c242e58e2926c60ba36a825f0c671a608c3ab6
  • Instruction Fuzzy Hash: C1418071B007019AEB286F649C52B7EB2EAEF84711F0449BDF483A76D2DE7C9C488750
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B719C8
    • Part of subcall function 00B61AEA: __EH_prolog.LIBCMT ref: 00B61AEF
    • Part of subcall function 00B61AEA: GetLastError.KERNEL32(00000000,?,00000000,00000000), ref: 00B61B1E
  • _CxxThrowException.MSVCRT(00000001,00BE1428), ref: 00B71A82
    • Part of subcall function 00B655C8: __EH_prolog.LIBCMT ref: 00B655CD
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
    • Part of subcall function 00B80B88: __EH_prolog.LIBCMT ref: 00B80B8D
  • _CxxThrowException.MSVCRT(00000001,00BE1428), ref: 00B71A65
  • _CxxThrowException.MSVCRT(00000001,00BE1428), ref: 00B71AA9
Strings
  • The file operation error for listfile, xrefs: 00B71A12
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrow$ErrorLastfree
  • String ID: The file operation error for listfile
  • API String ID: 362913088-4247703111
  • Opcode ID: f5e2624a29638d139c627e84f1d459dd46da15df4a77e54aeb3c92d6c0169b26
  • Instruction ID: b438d71ca8e76341d42477b154a97f9871bcddce96e0917ea6b1fe8e6fd2d33d
  • Opcode Fuzzy Hash: f5e2624a29638d139c627e84f1d459dd46da15df4a77e54aeb3c92d6c0169b26
  • Instruction Fuzzy Hash: 53414771D0021AAFCF11EBE8D841AEEBBF5EF18700F10859AF42573261DB749A45CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B659A2
  • GetModuleHandleW.KERNEL32(kernel32.dll,CreateHardLinkW), ref: 00B659BC
  • GetProcAddress.KERNEL32(00000000), ref: 00B659C3
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressH_prologHandleModuleProc
  • String ID: CreateHardLinkW$kernel32.dll
  • API String ID: 786088110-294928789
  • Opcode ID: e780f8622e87ad08b8f7aab2652be73306f4882ec6d6dfc441d3ea7cc430cace
  • Instruction ID: 8e2035b76b4ad4c0018f1cc01d2c5cd395b374a93e2379049100f136f533fd9c
  • Opcode Fuzzy Hash: e780f8622e87ad08b8f7aab2652be73306f4882ec6d6dfc441d3ea7cc430cace
  • Instruction Fuzzy Hash: 7B21D072D1061AAFCF25EBE4DD86AEEB7F5EF44740F1406A5E801B3290DA398D10CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • EnterCriticalSection.KERNEL32(00BEA878), ref: 00B94CC2
  • fputs.MSVCRT ref: 00B94D56
  • fputs.MSVCRT ref: 00B94D6F
  • LeaveCriticalSection.KERNEL32(00BEA878), ref: 00B94DB1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSectionfputs$EnterLeave
  • String ID: :
  • API String ID: 3346953513-3653984579
  • Opcode ID: 3df3f90eb0f91e9471de46ffa153c7e87ead7bcfe93173ac5679cef13e2bea0d
  • Instruction ID: 23dcfc802663544d228da4963ab350f5993c1c3ab932a7491b3f216417a356b5
  • Opcode Fuzzy Hash: 3df3f90eb0f91e9471de46ffa153c7e87ead7bcfe93173ac5679cef13e2bea0d
  • Instruction Fuzzy Hash: 32318831901604DFDB54EFA4E894E99B7F4FF44325F1185BEE85A9B262DB34A805CF20
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9C123
  • fputs.MSVCRT ref: 00B9C1E5
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: Archive size: $Files read from disk$Volumes:
  • API String ID: 2614055831-73833580
  • Opcode ID: 0b552ead757f7c6c411a6e5b187e9d74d82710c3025e3f29dc80cefc2f826d70
  • Instruction ID: 7660be75111dd0d11cc491019539e786093e51fe82ae9867de4b37061e0e9d1a
  • Opcode Fuzzy Hash: 0b552ead757f7c6c411a6e5b187e9d74d82710c3025e3f29dc80cefc2f826d70
  • Instruction Fuzzy Hash: 74214C31900606EBDB14EBA4C856FEEFBF5EF54304F0045B9A116661E1EF74A98ACB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9A716
  • fputs.MSVCRT ref: 00B9A73F
    • Part of subcall function 00B655C8: __EH_prolog.LIBCMT ref: 00B655CD
    • Part of subcall function 00B61FFC: __EH_prolog.LIBCMT ref: 00B62001
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
  • fputs.MSVCRT ref: 00B9A783
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$fputs$fputcfree
  • String ID: : $----------------
  • API String ID: 1877784702-4071417161
  • Opcode ID: 65b11785a7ee659a3b1742f5acaaf92c91fe29d582248816209c0142d1d62e51
  • Instruction ID: 92359413ec63858b9f019f778255c7a966f16c8c5eacb0f6567664ca0bfeb9c9
  • Opcode Fuzzy Hash: 65b11785a7ee659a3b1742f5acaaf92c91fe29d582248816209c0142d1d62e51
  • Instruction Fuzzy Hash: D2019232604611EFCB14AFA8D856A5DBBF6EF88350B1045BEF016A72E1DF35AC048B55
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9C24C
  • fputs.MSVCRT ref: 00B9C26F
    • Part of subcall function 00B61FFC: __EH_prolog.LIBCMT ref: 00B62001
  • fputs.MSVCRT ref: 00B9C2AB
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologfputs$fputcfree
  • String ID: : $Write SFX:
  • API String ID: 1941438168-2530961540
  • Opcode ID: ee7484b273959e00f6d64c8101dbe3532a7a58f88fca9047dc3537173fd89b21
  • Instruction ID: 127db7799489a55d915a13672cebdf88ffa66b3fe6dd63fa97085c3324fef0a4
  • Opcode Fuzzy Hash: ee7484b273959e00f6d64c8101dbe3532a7a58f88fca9047dc3537173fd89b21
  • Instruction Fuzzy Hash: 66018432504205AFCF05AFA4E802FAEFBF6EF44310F1444AAF405A21A1DF75A955DB54
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetSystemInfo.KERNEL32(?), ref: 00B699F9
    • Part of subcall function 00B69A38: __EH_prolog.LIBCMT ref: 00B69A3D
  • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 00B69A13
  • GetProcAddress.KERNEL32(00000000), ref: 00B69A1A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressH_prologHandleInfoModuleProcSystem
  • String ID: GetNativeSystemInfo$kernel32.dll
  • API String ID: 2024292667-192647395
  • Opcode ID: 7fb91f94c9b21c396d71af1c80dc743db15a5bb966b7740d425d4dbf7b2da740
  • Instruction ID: a8eb58f6ee25ee86e39843102e1a5a8d4fcf53bdc81f330e3b605e5873dcd940
  • Opcode Fuzzy Hash: 7fb91f94c9b21c396d71af1c80dc743db15a5bb966b7740d425d4dbf7b2da740
  • Instruction Fuzzy Hash: F6F09672A012456BCB01EBA4C859BDDF7EDAF94312F044589E401E7291EFB8D905CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcpy$H_prologmemset
  • String ID:
  • API String ID: 2371260246-0
  • Opcode ID: 2f0c45107fb38bd53f807a5c3f1aebdd1ff4d6f15ce2b827b2ee8fde163a26ee
  • Instruction ID: 5a5ff00dd1da014a5f831c48332a998bddfd6a91caf5ca4fca7ec402cc0d66b8
  • Opcode Fuzzy Hash: 2f0c45107fb38bd53f807a5c3f1aebdd1ff4d6f15ce2b827b2ee8fde163a26ee
  • Instruction Fuzzy Hash: 67127171A40246DFCB20CFA4C888AAEB7F5FF48300F1488ADE56ADB251DB75AD45CB11
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00BC7D90: WaitForSingleObject.KERNEL32(?,000000FF,00B79D84,?), ref: 00BC7D93
    • Part of subcall function 00BC7D90: GetLastError.KERNEL32(?,000000FF,00B79D84,?), ref: 00BC7D9E
    • Part of subcall function 00BC6CA0: EnterCriticalSection.KERNEL32(?,?,?,00BC6439), ref: 00BC6CA8
    • Part of subcall function 00BC6CA0: LeaveCriticalSection.KERNEL32(?,?,?,00BC6439), ref: 00BC6CB2
  • EnterCriticalSection.KERNEL32(?), ref: 00BC65FE
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC6618
  • EnterCriticalSection.KERNEL32(?), ref: 00BC6682
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC66A8
  • EnterCriticalSection.KERNEL32(?), ref: 00BC670E
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC6746
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$EnterLeave$ErrorLastObjectSingleWait
  • String ID:
  • API String ID: 2116739831-0
  • Opcode ID: 1ff22913ee79b33dd213830a771e7f967c57e468beb0a7e5fdba6c97425dcf51
  • Instruction ID: 361d15056cea02d7db4bcd3248b429bddc2fde255eeb40047be3c5db5ff5af81
  • Opcode Fuzzy Hash: 1ff22913ee79b33dd213830a771e7f967c57e468beb0a7e5fdba6c97425dcf51
  • Instruction Fuzzy Hash: 25C12675604B058FC724DF28D580FA7B7E1FF98314F204A6EE9AA87251EB30E949CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: wcscmp$ExceptionH_prologThrow
  • String ID:
  • API String ID: 2750596395-0
  • Opcode ID: 95ccda2ba4235917e3eafb9bbc5f2b118ca7d844576a4512ae0c39258669b605
  • Instruction ID: c69d39733f68adf76f03ed0a6194bb2d41d65e6dcdfae5ab5088fab055dfcf1b
  • Opcode Fuzzy Hash: 95ccda2ba4235917e3eafb9bbc5f2b118ca7d844576a4512ae0c39258669b605
  • Instruction Fuzzy Hash: 9F918631D01649EFCF15DFA8C884AEDBBF1EF19314F1880A9E411A7291DB389A45CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID:
  • API String ID: 3519838083-0
  • Opcode ID: 9fefe8447b01f2492fb4f79823137b848e8f7e520c75fec4621ff8bc9f5df3b3
  • Instruction ID: c57e43264fa54e5a81f7c08c4d24ee01a0fa520d85fec068eeab53c8d1748c73
  • Opcode Fuzzy Hash: 9fefe8447b01f2492fb4f79823137b848e8f7e520c75fec4621ff8bc9f5df3b3
  • Instruction Fuzzy Hash: 15519F76A043069FDB10DFA4C8D1FBEB7F5FF89314F1484A9E521AB242DB74A9058B60
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$CriticalSection$EnterLeave
  • String ID:
  • API String ID: 1081906680-0
  • Opcode ID: abb7e8fbeb81550e78c15edc1ed48a1ffc682bc78bcee6d5d1751a28671a4df7
  • Instruction ID: cf10fe08c4ab575cd6b5d0ac8a75e5414a9079307d70b353d25830a29886c3ed
  • Opcode Fuzzy Hash: abb7e8fbeb81550e78c15edc1ed48a1ffc682bc78bcee6d5d1751a28671a4df7
  • Instruction Fuzzy Hash: 8951BB31201606DFEF24DF64D891FAABBE1FF44314F0084AEE45A972A1DB75AC86CB15
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B65E60
    • Part of subcall function 00B669AB: __EH_prolog.LIBCMT ref: 00B669B0
  • SetLastError.KERNEL32(0000010B,00000000,00000000), ref: 00B65EB6
  • GetLastError.KERNEL32(?,?,?,0000005C,?,00000000,00000000), ref: 00B65F8D
  • SetLastError.KERNEL32(?,?,?,?,?,0000005C,?,00000000,00000000), ref: 00B65FC8
    • Part of subcall function 00B65DB5: __EH_prolog.LIBCMT ref: 00B65DBA
    • Part of subcall function 00B65DB5: DeleteFileW.KERNEL32(?,?,?,00000000), ref: 00B65DFE
  • GetLastError.KERNEL32(?,?,?,0000005C,?,00000000,00000000), ref: 00B65FA4
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorLast$H_prolog$DeleteFile
  • String ID:
  • API String ID: 3586524497-0
  • Opcode ID: f1f924f531106769a06c66cddd0a09697bb3aa0caa03877193ef3b4df0795afc
  • Instruction ID: dc16eebbc262ce0ae1d116a48edc166f8d5b7d5fe5532a761ac08e934befc3bd
  • Opcode Fuzzy Hash: f1f924f531106769a06c66cddd0a09697bb3aa0caa03877193ef3b4df0795afc
  • Instruction Fuzzy Hash: AB519E31C04619EEDF25EBA8E892BEDBBF8AF15300F1441D9E85173192DB395A0ACB51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • WideCharToMultiByte.KERNEL32(?,00000000,0000005F,00000000,00000000,00000000,00000000,00000000,?,?,7597AB50,0000005F,?,?,?), ref: 00B6396F
  • GetLastError.KERNEL32(?,?,7597AB50,0000005F,?,?,?), ref: 00B63978
  • _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00B63996
  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000005F,00000000,?,?,00000001,00000001,?,?,7597AB50,0000005F,?), ref: 00B639FD
  • _CxxThrowException.MSVCRT(0000FDE9,00BDFFC8), ref: 00B63A25
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ByteCharExceptionMultiThrowWide$ErrorLast
  • String ID:
  • API String ID: 2296236218-0
  • Opcode ID: a2c6d0aba8475a246c5c166b43a975074c8094685d2b915f87d11adc6d8590c2
  • Instruction ID: 48732338da89d607cc52c7764ce9aa5ffd28a6c5544642865ac5ff699cff8e28
  • Opcode Fuzzy Hash: a2c6d0aba8475a246c5c166b43a975074c8094685d2b915f87d11adc6d8590c2
  • Instruction Fuzzy Hash: 3931A37150824ABFDB11CFA4CC81BBEBBF9EF15704F148099E445D7181D7B89A45CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 67f05fb5810a0702276694881e600bb7874672ab001f99d4c2302d3d4ce66d9c
  • Instruction ID: 33c9b2899a9d1b6dbe3c2620c4f53ef6d93335ad7cdc79829da5db14f22029b3
  • Opcode Fuzzy Hash: 67f05fb5810a0702276694881e600bb7874672ab001f99d4c2302d3d4ce66d9c
  • Instruction Fuzzy Hash: 8D21F971740206BBDB049A14CC82FBA73EDDF90B54F0180EAFD0ADB256F660EF009694
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 9f5d697fc82d787464e023b43cc4317fcbb333596289bd9346f79d04f8a6b5a7
  • Instruction ID: f615b6fe004db0f80ca74ddd6981d9999d9ddb046277cc6abe0bc176eb33e69a
  • Opcode Fuzzy Hash: 9f5d697fc82d787464e023b43cc4317fcbb333596289bd9346f79d04f8a6b5a7
  • Instruction Fuzzy Hash: A621C2B12402057BDB108A10DC81FBB73EDDB90794F1084FAFD45AB241F666ED008AA2
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 0c33b4b5b81574417c2046e7e17225b1b8d34d7d1f04b7ce5373e138b52a5e53
  • Instruction ID: 2ea345fa1239dfb44fae29f4fbd50d3864bd433091d8c4282a85cd2a9bcf5d9d
  • Opcode Fuzzy Hash: 0c33b4b5b81574417c2046e7e17225b1b8d34d7d1f04b7ce5373e138b52a5e53
  • Instruction Fuzzy Hash: 8721C5716842067BD700AE25CC82FBA73E9DB90798F2040FAFD45DA221FA60ED00C7A4
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 886973652391ca0104ddfea1d2b243db8b90ef4a81bdc9688b07b1d6c32f3ec6
  • Instruction ID: 45b324f74fa0de791b65d4fe16112e941ff92a3c375bdbd5308d157a46ace777
  • Opcode Fuzzy Hash: 886973652391ca0104ddfea1d2b243db8b90ef4a81bdc9688b07b1d6c32f3ec6
  • Instruction Fuzzy Hash: 87219FB17842057BD7044A28DD82FBE73EDDB927A4F0548EAFD459F352F660EE008694
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B656E3
  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000000,?,?,?,?,?), ref: 00B65722
  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000000,?,?,00000000,?,?,?,?,?), ref: 00B65762
  • SetFileTime.KERNEL32(000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,?), ref: 00B65784
  • CloseHandle.KERNEL32(000000FF,?,00000000,?,?,?,?,?,?,?), ref: 00B65792
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: File$Create$CloseH_prologHandleTime
  • String ID:
  • API String ID: 213185242-0
  • Opcode ID: bf52b51549ea1388740bfb2f7208eb4489d42d6f800924e979427420f7d5631a
  • Instruction ID: 803ba7f3b06873e18fff8b4463c4553c14cb1a9606a0a51663ff25b1907fa893
  • Opcode Fuzzy Hash: bf52b51549ea1388740bfb2f7208eb4489d42d6f800924e979427420f7d5631a
  • Instruction Fuzzy Hash: CF216A3194020AEBDF219FA4DC46BFEBBB9EF44320F144265E520761E0D7754A51DB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B95FA6
  • fputs.MSVCRT ref: 00B95FC4
  • fputs.MSVCRT ref: 00B95FE9
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
  • fputs.MSVCRT ref: 00B96003
    • Part of subcall function 00B83294: strlen.MSVCRT ref: 00B832DE
  • fputs.MSVCRT ref: 00B96022
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prologfputcfreestrlen
  • String ID:
  • API String ID: 154898386-0
  • Opcode ID: 26a86617d7ce07bc8c71667acb81f7af654081da495cc3807b6216bec2fe8c7d
  • Instruction ID: e20c3a7e664e15f271060e350192634b3f2dadbdc61f1c11089e55944a5f8dca
  • Opcode Fuzzy Hash: 26a86617d7ce07bc8c71667acb81f7af654081da495cc3807b6216bec2fe8c7d
  • Instruction Fuzzy Hash: 33117032A00209EFDF05EFA8DC52AADBFBAEF44350F1040A6F515A71A1DB359A54DB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: exit$CriticalSection$EnterLeave
  • String ID:
  • API String ID: 43521-0
  • Opcode ID: fa68be753bddbcfcde807746bbbcc2f496a7e6ff8ea07045f4eb74741b871e39
  • Instruction ID: 431ae74168bddee50f443c15caa0e9df48bd85e27988bac6482647e2d6b010a2
  • Opcode Fuzzy Hash: fa68be753bddbcfcde807746bbbcc2f496a7e6ff8ea07045f4eb74741b871e39
  • Instruction Fuzzy Hash: 12110571401B42CFC730EF62D881AA6FBF5BF54300B404AAEE59742A41DBB0B589CF51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B669B0
  • SetLastError.KERNEL32(00000002,-00000050,0000000F,-00000038,:$DATA,?,00000000,?), ref: 00B66C02
    • Part of subcall function 00B669AB: wcscmp.MSVCRT ref: 00B66DDE
    • Part of subcall function 00B6692E: __EH_prolog.LIBCMT ref: 00B66933
    • Part of subcall function 00B6692E: GetFileAttributesW.KERNEL32(?,?,?,00000000,?), ref: 00B66953
    • Part of subcall function 00B6692E: GetFileAttributesW.KERNEL32(?,00000000,?,?,00000000,?), ref: 00B66982
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AttributesFileH_prolog$ErrorLastwcscmp
  • String ID: :$DATA
  • API String ID: 3316598575-2587938151
  • Opcode ID: ce02625f8a36f49b2277a0edb18070f01334f1cb16a4b4a24a773bc8a8df2f2e
  • Instruction ID: 7c034c3cc029f71ce2606f45d9a3a21d85bfe951b0cc6b740d8835ef41a76de9
  • Opcode Fuzzy Hash: ce02625f8a36f49b2277a0edb18070f01334f1cb16a4b4a24a773bc8a8df2f2e
  • Instruction Fuzzy Hash: 93E1F134900609DACF24EFA4C495BEDBBF0FF14314F14859DE88667292DB7DA94ACB10
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: !$LZMA2:$LZMA:
  • API String ID: 3519838083-3332058968
  • Opcode ID: 31aa04007d0446b2528af3dcee59a2796a906da290adf41365dcd6ac22f20e47
  • Instruction ID: 7f82d9faa14587233580ddff36ad4348bc0a8a7138bc388ac6e5851c23aef333
  • Opcode Fuzzy Hash: 31aa04007d0446b2528af3dcee59a2796a906da290adf41365dcd6ac22f20e47
  • Instruction Fuzzy Hash: BD61B170D0810AAEDB15DB64C985BFD7BF1EF2A304F1440E9E8066B962DF749E84CB40
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00BAA6F4
    • Part of subcall function 00B634EF: memmove.MSVCRT ref: 00B63514
    • Part of subcall function 00BAA642: __EH_prolog.LIBCMT ref: 00BAA647
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$memmove
  • String ID: hcf$mtf$rsfx
  • API String ID: 593149739-3699647704
  • Opcode ID: 6a19ebb053aad2f65737a7d7fbae3eedddae2ee6bb7584b33909d64aadf80c00
  • Instruction ID: 037e6ce042288d06f03d002fb1bd6361acd7a2c07f9f7905db2707e4864b0525
  • Opcode Fuzzy Hash: 6a19ebb053aad2f65737a7d7fbae3eedddae2ee6bb7584b33909d64aadf80c00
  • Instruction Fuzzy Hash: 8A518F319085058BCF24EFA4C4D09BEB7F2EB46314F14C4EAE8665B281DB3C9D46DB62
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B75CC3
    • Part of subcall function 00B75B6A: __EH_prolog.LIBCMT ref: 00B75B6F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: Incorrect reparse stream$Unknown reparse stream$can't delete file
  • API String ID: 3519838083-394804653
  • Opcode ID: 310b43afc807044bd0f1b0561ac25071a060f744bd09704796be12ac29622728
  • Instruction ID: c1df3431246cdeb8e41bfa65c540c628a0a378876d75c66b1733529e29fbe90d
  • Opcode Fuzzy Hash: 310b43afc807044bd0f1b0561ac25071a060f744bd09704796be12ac29622728
  • Instruction Fuzzy Hash: CB418772900A859FCB31DFA484959EEFBF5EF55300F5884EED0AAA3201D6B06E45CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B95A80
    • Part of subcall function 00B958F5: __EH_prolog.LIBCMT ref: 00B958FA
  • fputs.MSVCRT ref: 00B95BB5
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$fputs
  • String ID: Name$Size
  • API String ID: 3822167597-481755742
  • Opcode ID: c6d0f6a03e41e287eb4573bda8a69d1cc462b7c43b278d5426672be56cfec579
  • Instruction ID: 45b0aad7d077be10286e9c0be525746b566602505f167105d1ac3d0643e57a15
  • Opcode Fuzzy Hash: c6d0f6a03e41e287eb4573bda8a69d1cc462b7c43b278d5426672be56cfec579
  • Instruction Fuzzy Hash: 7E41A375A44A049FCF16EFA4C8A1AEDB7F6FF88310F1444B9E845AB252CB349D41CB64
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B717BD
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B718D0
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B718EE
    • Part of subcall function 00B71904: __EH_prolog.LIBCMT ref: 00B71909
    • Part of subcall function 00B71904: _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B719AD
Strings
  • There is no second file name for rename pair:, xrefs: 00B718BD
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ExceptionThrow$H_prolog
  • String ID: There is no second file name for rename pair:
  • API String ID: 206451386-3412818124
  • Opcode ID: c2c668cf1004018fa85d72f23c1541dc4a44c7aea58b34ab3e6763638e43aeea
  • Instruction ID: 126280dd713b509ccf79903e6641bd63449e4299c09f2daa9cccaf7871fe288f
  • Opcode Fuzzy Hash: c2c668cf1004018fa85d72f23c1541dc4a44c7aea58b34ab3e6763638e43aeea
  • Instruction Fuzzy Hash: 47416C7190020ADBCB04DF9CC881BAEBBF1FB55314F148699E82967291CB709945CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B85949
    • Part of subcall function 00BA6B33: _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BA6B59
    • Part of subcall function 00B61524: __EH_prolog.LIBCMT ref: 00B61529
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
    • Part of subcall function 00B63525: memmove.MSVCRT ref: 00B63561
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrowfreememmove
  • String ID: crc$flags$memuse
  • API String ID: 2665131394-339511674
  • Opcode ID: 54ce49f2dddb4e456e14ee9705c9b8c9b3a9bf1e9939453e7cee15137efa4e79
  • Instruction ID: b6fa4243123f185841aa897c12846f077ce7f0aa5b91e98e8a5455151683a3c4
  • Opcode Fuzzy Hash: 54ce49f2dddb4e456e14ee9705c9b8c9b3a9bf1e9939453e7cee15137efa4e79
  • Instruction Fuzzy Hash: 7A31C031900A09DFDF25FB94C492AEEB7F1AF04314F0440D5E8053B2A1DB799E49CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B69F4C
    • Part of subcall function 00B6A088: GetModuleHandleW.KERNEL32(ntdll.dll,?,00B69F84,00000001), ref: 00B6A090
    • Part of subcall function 00B6A088: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00B6A0A0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressH_prologHandleModuleProc
  • String ID: : $ SP:$Windows
  • API String ID: 786088110-3655538264
  • Opcode ID: 92328ababc267f5c9910ff0dbe11b85ba59a72e0b01d57271c5fb2958b5447df
  • Instruction ID: 403fe810893e5be997d7033cfb9e8febd060668f9f0ecda7c15ac83419fa1ce7
  • Opcode Fuzzy Hash: 92328ababc267f5c9910ff0dbe11b85ba59a72e0b01d57271c5fb2958b5447df
  • Instruction Fuzzy Hash: 32311871C006199AEF15EBA5C8639EEBBF4AF18300F0040E9E602731D1EB795E88CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$fputc
  • String ID: : Removing files after including to archive$Removing
  • API String ID: 1185151155-1218467041
  • Opcode ID: 042612f9dd65213e9fdc9da244b2a3d37db119840222dd397520859626632089
  • Instruction ID: b30b696fae49389e37bc938ab941b2af414e92802a7df450f78dd0412b52f916
  • Opcode Fuzzy Hash: 042612f9dd65213e9fdc9da244b2a3d37db119840222dd397520859626632089
  • Instruction Fuzzy Hash: 2C318E32104B41DBDB65EB70D891ABAB7E6EF54300F0489AEE0AB16162EF347949CB15
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7DD98
    • Part of subcall function 00B7A24D: memset.MSVCRT ref: 00B7A268
    • Part of subcall function 00B7A24D: strlen.MSVCRT ref: 00B7A286
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologmemsetstrlen
  • String ID: ?$ MB$RAM
  • API String ID: 2475707007-294454972
  • Opcode ID: 77ffe98f60acc25a8b4f9cf17000b285a686307b92fbcb6e36ac491ce8a6fbf5
  • Instruction ID: 3159d4590d6654bee8cc196df33ee225f835847b09e634a401d3f69c5a8dc1c4
  • Opcode Fuzzy Hash: 77ffe98f60acc25a8b4f9cf17000b285a686307b92fbcb6e36ac491ce8a6fbf5
  • Instruction Fuzzy Hash: 26214931700104AFCB24EF58C84AA6EBBF6EF89711F1044AAF5969B3A0CB758D41DB81
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: =
  • API String ID: 2614055831-2525689732
  • Opcode ID: b0481d95f2e096056d4610a6739d1b3ef2ca346c68328894fed16c84b18c2716
  • Instruction ID: f380b0274f345859e0d9d32000ae85612a9ae2393291eb54f87086f85ec7408f
  • Opcode Fuzzy Hash: b0481d95f2e096056d4610a6739d1b3ef2ca346c68328894fed16c84b18c2716
  • Instruction Fuzzy Hash: 33219D32918119EFDF09EB94E852AEEBBF5EF48310F2440AAF401721A1EF755E45DB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B85DEB
    • Part of subcall function 00B8683E: __EH_prolog.LIBCMT ref: 00B86843
    • Part of subcall function 00B8683E: wcscmp.MSVCRT ref: 00B868D0
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
    • Part of subcall function 00BA6B33: _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BA6B59
    • Part of subcall function 00B862D5: __EH_prolog.LIBCMT ref: 00B862DA
    • Part of subcall function 00B85F61: __EH_prolog.LIBCMT ref: 00B85F66
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrowfreewcscmp
  • String ID: A0$Hash$sha256 sha512 sha224 sha384 sha1 sha md5 crc32 crc64 asc cksum
  • API String ID: 4250029832-3656212537
  • Opcode ID: b1a0e83b5bc01211c19d5d4069ee9d95344771debb852c15e8170993a31e59ed
  • Instruction ID: 4c8748f32d2c8d05e652bd358245f0b4f5250edb42e7117b48312dcbe284b1b6
  • Opcode Fuzzy Hash: b1a0e83b5bc01211c19d5d4069ee9d95344771debb852c15e8170993a31e59ed
  • Instruction Fuzzy Hash: 75214971D01388EECB09EBE4D9969DDBBF4AF55310F2041AEE40577292DB740E08CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9C88F
  • fputs.MSVCRT ref: 00B9C8FF
  • fputs.MSVCRT ref: 00B9C908
    • Part of subcall function 00B9B618: fputs.MSVCRT ref: 00B9B681
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: :
  • API String ID: 2614055831-3653984579
  • Opcode ID: 641e10f15692f33dbb23f1d8288dc2c488c18d17e5eff1796aa91651430a609c
  • Instruction ID: 510145d4bf91917320a3526edad5d9270042ea0116c991bde85aae9cf1f82429
  • Opcode Fuzzy Hash: 641e10f15692f33dbb23f1d8288dc2c488c18d17e5eff1796aa91651430a609c
  • Instruction Fuzzy Hash: 19115131900605EFDB15EBA9D892EAEFBE6EF84310F1444AEE81617291DB35A841CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B71909
    • Part of subcall function 00B727EA: __EH_prolog.LIBCMT ref: 00B727EF
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B719AD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrow
  • String ID: -r0$Unsupported rename command:
  • API String ID: 2366012087-1002762148
  • Opcode ID: 92628d2ee1e6c88cfab9fd46e513a1fea353984bfaa51eeedc10496b4323a09d
  • Instruction ID: 700bc48e3fe7b27c86d7f2c1d8b2085738146d524c2bf22a70a23be40c6bdb27
  • Opcode Fuzzy Hash: 92628d2ee1e6c88cfab9fd46e513a1fea353984bfaa51eeedc10496b4323a09d
  • Instruction Fuzzy Hash: 141181319002059ACB14FF99C8A39FEF7F4DF65740F4044E9EA1573192DB785A4AC7A1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B97175
  • fputs.MSVCRT ref: 00B9718A
  • fputs.MSVCRT ref: 00B97193
    • Part of subcall function 00B971EE: __EH_prolog.LIBCMT ref: 00B971F3
    • Part of subcall function 00B971EE: fputs.MSVCRT ref: 00B97230
    • Part of subcall function 00B971EE: fputs.MSVCRT ref: 00B97266
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prolog
  • String ID: =
  • API String ID: 2614055831-2525689732
  • Opcode ID: 1633e261bcd2556a59d4fcfcee91f00ca4c2ce4f5eec777d44eb5cb5a9eea4b4
  • Instruction ID: 7f3299210e3791ea8544135173c5d4f0056ce9387599e9323a4689ffbd050a2b
  • Opcode Fuzzy Hash: 1633e261bcd2556a59d4fcfcee91f00ca4c2ce4f5eec777d44eb5cb5a9eea4b4
  • Instruction Fuzzy Hash: 3C01F931A00014ABCF05BB58C812EEEBFF6EF84710F0040AAF401622A1CF794945CFD1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00B690C6
  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00B690D6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: RtlGetVersion$ntdll.dll
  • API String ID: 1646373207-1489217083
  • Opcode ID: 0b3632c9969444e10ff7ca3444b9daa0c2c9f98f4cb6c55ae2e1fc270118201f
  • Instruction ID: ce101bea72d2b6a9b944e056bb8e23df54ffa9ccf949924621ac5baf57b216f7
  • Opcode Fuzzy Hash: 0b3632c9969444e10ff7ca3444b9daa0c2c9f98f4cb6c55ae2e1fc270118201f
  • Instruction Fuzzy Hash: CAF01D30E9021A66DF35BB709C1FAE972E8FB17708F1009E59605F1184EBBCDAC08A91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _CxxThrowException.MSVCRT(?,00BE6090), ref: 00B9A3DE
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
  • fputs.MSVCRT ref: 00B9A3BD
  • fputs.MSVCRT ref: 00B9A3C2
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$ExceptionThrowfputc
  • String ID: ERROR:
  • API String ID: 2339886702-977468659
  • Opcode ID: 79dbd6907c535a36a284a10a7007b7967d54b422b3c2ee8c9af7e5271109066d
  • Instruction ID: 9d9091bc83024b3940db355cdc29309d7c115dfadb3bf1f531be8a1502184eb1
  • Opcode Fuzzy Hash: 79dbd6907c535a36a284a10a7007b7967d54b422b3c2ee8c9af7e5271109066d
  • Instruction Fuzzy Hash: EBF0A072A00219BB8B01ABDDCC51C9EB7FDEF88710315049AF500A3311DB716E008BE1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$fputc
  • String ID: $:
  • API String ID: 1185151155-4041779174
  • Opcode ID: f5a6852681050ef4fb38ad2ae95fc2c9997c6e668c7f45c8c6b63b56b3e52f02
  • Instruction ID: 3ef7f7a2af8c0257171383d531dc4c466dc1732a7eaf808642e014a9f1ba22ed
  • Opcode Fuzzy Hash: f5a6852681050ef4fb38ad2ae95fc2c9997c6e668c7f45c8c6b63b56b3e52f02
  • Instruction Fuzzy Hash: 5AF0A732500258ABCF11AF94CC05DDEBF79EF98314F040449EC9533291DB349514CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleW.KERNEL32(ntdll.dll,?,00B69F84,00000001), ref: 00B6A090
  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00B6A0A0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: RtlGetVersion$ntdll.dll
  • API String ID: 1646373207-1489217083
  • Opcode ID: 6bd42621fd51d481e6ced9334bbd6b30a73340a9a41af9a9ba1ba6a45021014e
  • Instruction ID: cc9aa1e03137e74c2b5a3e3848ee9dd774d4a0488100d92b11e61b3c0726b1a9
  • Opcode Fuzzy Hash: 6bd42621fd51d481e6ced9334bbd6b30a73340a9a41af9a9ba1ba6a45021014e
  • Instruction Fuzzy Hash: 7ED0A73135532139EA2056B47C0EAD663CCDB50B1170104E3B500F2094FED4CD414662
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleW.KERNEL32(kernel32.dll,GetLargePageMinimum,00B70A2C), ref: 00BBB32A
  • GetProcAddress.KERNEL32(00000000), ref: 00BBB331
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: GetLargePageMinimum$kernel32.dll
  • API String ID: 1646373207-2515562745
  • Opcode ID: d40feab172d71bda4953b678193f15f24b0befa96eb09d05030efc76667ae2d6
  • Instruction ID: eb8fb51341682cc1b4cd6169ba65d596cbfe9b548dd82a8f413d2f78d76fe916
  • Opcode Fuzzy Hash: d40feab172d71bda4953b678193f15f24b0befa96eb09d05030efc76667ae2d6
  • Instruction Fuzzy Hash: FFD0C770645353F7AB145B715C7DB79BBD8DD1074130150A6A411D71A0FFE4C901CB25
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 9e919c0d23b06e66a1bd54f5ac31265202b60ecb44d36c5c8e10d6c4223941c6
  • Instruction ID: 15963020da2b23d4d4c23ab16dc5dc444def9e4d2e2a22d60073a092df0641b4
  • Opcode Fuzzy Hash: 9e919c0d23b06e66a1bd54f5ac31265202b60ecb44d36c5c8e10d6c4223941c6
  • Instruction Fuzzy Hash: 4911E6B138020A7BD714AE14CC42FB977E58B94740F0544FAFD85EA2A6F2B0F550D3A9
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: d55ae791f3009baefb62ba491c69b32a4efae17d13929fe692f02caa56e7a5b7
  • Instruction ID: 4e2e55078e564760c12b7bca86c614306b0882b7bae1627e22cecb471524fb57
  • Opcode Fuzzy Hash: d55ae791f3009baefb62ba491c69b32a4efae17d13929fe692f02caa56e7a5b7
  • Instruction Fuzzy Hash: 2611907174030677C7206A10CC42FBA73E59B94B50F1544FEFE85AB2A2F6A1F950DB94
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 4aea320c3c29ac51fc0da0b58cac2adc0f816bd7ec39e7e8e6c7793b2ddec8f8
  • Instruction ID: be28eed01d596782a3eb004d86cae55d5ec813b913fd16ff1ffbadf5475f5ad7
  • Opcode Fuzzy Hash: 4aea320c3c29ac51fc0da0b58cac2adc0f816bd7ec39e7e8e6c7793b2ddec8f8
  • Instruction Fuzzy Hash: A011B67178C30577C7104A20CC42FBA73E99B95750F0588EDFD85EA292FAB1FD505698
Uniqueness

Uniqueness Score: -1.00%

APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,000004B0,00000000,00000000,?,?,00B61C23,0000FDE9,7FFFFFE0,00000000,00000000), ref: 00B63811
  • GetLastError.KERNEL32(?,00B61C23,0000FDE9,7FFFFFE0,00000000,00000000,?,00000000,00000000), ref: 00B6381A
  • _CxxThrowException.MSVCRT(00000000,00BDFFC8), ref: 00B63834
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,?,?,00B61C23,0000FDE9,7FFFFFE0,00000000,00000000,?,00000000,00000000), ref: 00B63859
  • _CxxThrowException.MSVCRT(00000000,00BDFFC8), ref: 00B6386F
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ByteCharExceptionMultiThrowWide$ErrorLast
  • String ID:
  • API String ID: 2296236218-0
  • Opcode ID: cc1914d60a8238e1a4abd97aaa5c875fe5e929e32c92effa95cf87865e5c1b26
  • Instruction ID: 873fe4a94111dacbc6c446af584e8cf21deacd6ed200b7f1f6beec05713f73ac
  • Opcode Fuzzy Hash: cc1914d60a8238e1a4abd97aaa5c875fe5e929e32c92effa95cf87865e5c1b26
  • Instruction Fuzzy Hash: 77111CB5201206BFD710DF95CC81EBABBE9EF84740710816AF949D7250EB74ED40CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B95C8A
    • Part of subcall function 00B958F5: __EH_prolog.LIBCMT ref: 00B958FA
  • strlen.MSVCRT ref: 00B95D25
    • Part of subcall function 00B83294: strlen.MSVCRT ref: 00B832DE
  • strlen.MSVCRT ref: 00B95D99
  • fputs.MSVCRT ref: 00B95DE6
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: strlen$H_prolog$fputs
  • String ID:
  • API String ID: 3404455912-0
  • Opcode ID: 322a3a45217db61581e89b4668dd08737143c33f29f1bfac0e0533666dfb0eaa
  • Instruction ID: 9c8f41700f45b5a7c5a133fa768a1e38986e561c54677817dd6d366350644b82
  • Opcode Fuzzy Hash: 322a3a45217db61581e89b4668dd08737143c33f29f1bfac0e0533666dfb0eaa
  • Instruction Fuzzy Hash: C9416231A4061A9FCF26EFA8C895EEDB7F5EF48300F1044B9E905A7251DB349E15CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9C66A
  • EnterCriticalSection.KERNEL32(00BEA8A0,?,00000001,?,?,00B9C9F1,?,0000006F,0000006F,?,?,00000000), ref: 00B9C67E
  • fputs.MSVCRT ref: 00B9C6CF
  • LeaveCriticalSection.KERNEL32(00BEA8A0,?,00000001,?,?,00B9C9F1,?,0000006F,0000006F,?,?,00000000), ref: 00B9C7A0
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$EnterH_prologLeavefputs
  • String ID:
  • API String ID: 2174113412-0
  • Opcode ID: 4b5f1247f2418a160834bfd07ce6c744ee39a1ab14d1a37824b332d2330409bf
  • Instruction ID: 54c23aec5b3db016cce80cbb935c838b6691c366f7bc1aeb26615e2df613e810
  • Opcode Fuzzy Hash: 4b5f1247f2418a160834bfd07ce6c744ee39a1ab14d1a37824b332d2330409bf
  • Instruction Fuzzy Hash: B9415931600785DFDF25AFA4C490BAABBE2FF45300F0449BEE45A97251CB39AC01DB92
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetFileSecurityW.ADVAPI32(?,00000007,?,?,00000000,?,?,00000000,?), ref: 00B7F122
  • GetLastError.KERNEL32(?,?,00000000,?), ref: 00B7F14B
  • GetFileSecurityW.ADVAPI32(?,00000007,?,?,00000000,?,?,?,00000000,?), ref: 00B7F1A3
  • GetLastError.KERNEL32(?,?,00000000,?,?,?,00000000,?), ref: 00B7F1B9
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorFileLastSecurity
  • String ID:
  • API String ID: 555121230-0
  • Opcode ID: e0bf34b93a9bbc7791eb527de10071eeb60cdfde4670bea87434a4c04dc057db
  • Instruction ID: ac461d71f2572a77936d70d4724684922bcb663728a66493a94ba2f01ace4f58
  • Opcode Fuzzy Hash: e0bf34b93a9bbc7791eb527de10071eeb60cdfde4670bea87434a4c04dc057db
  • Instruction Fuzzy Hash: D8316E7490060AEFDB10DFA4C880BBEBBF5FF44300F5088A9E469A7650D770AE45DB60
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: __aulldiv
  • String ID:
  • API String ID: 3732870572-0
  • Opcode ID: fdef8960fb42e65836490cb94129da42e7bc97a4e2a819a0f015e656302550c4
  • Instruction ID: 9e0ac980dfbbf31432d3398f384ba75534ce702260281ec719f3fd61670f6d06
  • Opcode Fuzzy Hash: fdef8960fb42e65836490cb94129da42e7bc97a4e2a819a0f015e656302550c4
  • Instruction Fuzzy Hash: 491190B6200244BFDB355AA4DC81EBF7BFEEFC8740F0088ADB54656192D672AC509720
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BAEF64
  • memcpy.MSVCRT ref: 00BAEF85
  • _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BAEFA9
  • __EH_prolog.LIBCMT ref: 00BAEFB3
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ExceptionThrow$H_prologmemcpy
  • String ID:
  • API String ID: 3273695820-0
  • Opcode ID: c27d22f59925711782488ff03a2280a4cc581bcff75389a3d7fe747b173daa75
  • Instruction ID: 571eb7dc326e8b87e39cbbc60cd26ee607994dcef1a1d64073f65eb7ded352a0
  • Opcode Fuzzy Hash: c27d22f59925711782488ff03a2280a4cc581bcff75389a3d7fe747b173daa75
  • Instruction Fuzzy Hash: D411DA767041099FDB10DFA8C881D6EBBE9EB45744B0084BEF529D7380EA71E9048750
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B934C0
  • EnterCriticalSection.KERNEL32(00BEA858), ref: 00B934D4
  • CompareFileTime.KERNEL32(?,?), ref: 00B934FE
  • LeaveCriticalSection.KERNEL32(00BEA858), ref: 00B93556
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$CompareEnterFileH_prologLeaveTime
  • String ID:
  • API String ID: 3800395459-0
  • Opcode ID: e3aa7d114920c493b6e0b464a83228955d42cfdaad794caca8d2accb735b116d
  • Instruction ID: 6c2b78937466d1a785b443f2bbaac964845824192ade6e1643059f4c5d4bc80f
  • Opcode Fuzzy Hash: e3aa7d114920c493b6e0b464a83228955d42cfdaad794caca8d2accb735b116d
  • Instruction Fuzzy Hash: B721CD71500605EFDF20CF28D848B9ABBF5FF68704F1184AAE85A93611E770FA48CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B65A9E
  • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,?,?,00000000), ref: 00B65AC0
  • GetLastError.KERNEL32(?,00000000,?,00000000,00000001,?,?,00000000), ref: 00B65ACA
  • CreateDirectoryW.KERNEL32(?,00000000,00000000,?,00000000,00000001,?,?,00000000), ref: 00B65B01
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CreateDirectory$ErrorH_prologLast
  • String ID:
  • API String ID: 1817354178-0
  • Opcode ID: c8d831558589abb240561d320ae77eb916a5ebd2d0ac0af86ec9ffcefc84123b
  • Instruction ID: 8c01a55e4f08cf43ce4d520299ecc725ab2e54ce94c15742ba5f64bb193d1594
  • Opcode Fuzzy Hash: c8d831558589abb240561d320ae77eb916a5ebd2d0ac0af86ec9ffcefc84123b
  • Instruction Fuzzy Hash: 8F012D32E002069BCB346FA49C967BEBBE5DF40351F1801F5ED01B3591CF298C519690
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B93425
  • EnterCriticalSection.KERNEL32(00BEA858), ref: 00B93439
  • LeaveCriticalSection.KERNEL32(00BEA858), ref: 00B93468
  • LeaveCriticalSection.KERNEL32(00BEA858), ref: 00B934A8
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$Leave$EnterH_prolog
  • String ID:
  • API String ID: 2532973370-0
  • Opcode ID: 27a78c45217763b6ff65f516dd834c5ff5ffbd0cfe250b32cf56fd9b24d22f6a
  • Instruction ID: 5a6780045937acabcd252262d0890716691daf793620dbaaa5c6ae20ae36d508
  • Opcode Fuzzy Hash: 27a78c45217763b6ff65f516dd834c5ff5ffbd0cfe250b32cf56fd9b24d22f6a
  • Instruction Fuzzy Hash: 08113A75A00611ABCB11DF69D48496EBBE5FB89B24B10827DE81ADB700D734EA058BA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,00000000,00B79905), ref: 00BC7DBA
  • GetLastError.KERNEL32(?,00000000,00B79905), ref: 00BC7DCB
  • CloseHandle.KERNEL32(00000000,?,00000000,00B79905), ref: 00BC7DDF
  • GetLastError.KERNEL32(?,00000000,00B79905), ref: 00BC7DE9
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorLast$CloseHandleObjectSingleWait
  • String ID:
  • API String ID: 1796208289-0
  • Opcode ID: 11adfd40c50b6b3afdc110754e8e9f2080d3a077660792c8e8937f0e4b71a852
  • Instruction ID: 51005be14d891d373da2fbb289592265b65159af2e2546e91d87e7ca62679d30
  • Opcode Fuzzy Hash: 11adfd40c50b6b3afdc110754e8e9f2080d3a077660792c8e8937f0e4b71a852
  • Instruction Fuzzy Hash: A6F0DAB134920257DB205ABDAC84F6666DCEF527B5F2407BEF966D31D0EE60CC409AA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _beginthreadex.MSVCRT ref: 00BC7E65
  • SetThreadAffinityMask.KERNEL32(00000000,?), ref: 00BC7E7D
  • ResumeThread.KERNEL32(00000000), ref: 00BC7E84
  • GetLastError.KERNEL32 ref: 00BC7E96
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: Thread$AffinityErrorLastMaskResume_beginthreadex
  • String ID:
  • API String ID: 3268521904-0
  • Opcode ID: 97ab3f035b8fb5117b507ac764789521b2f1d0324bc7e407b966856fd31f61c5
  • Instruction ID: e1412406f932b70dbabe6c46e7e62c10aee5628b044dad8e0d5294f2f68b08d4
  • Opcode Fuzzy Hash: 97ab3f035b8fb5117b507ac764789521b2f1d0324bc7e407b966856fd31f61c5
  • Instruction Fuzzy Hash: ADF08273245212ABD3109B58AC44FABB7DDEBD1B20F04455EF654CB180EA709C4787B1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B9C53D
  • fputs.MSVCRT ref: 00B9C56C
  • fputs.MSVCRT ref: 00B9C575
  • fputs.MSVCRT ref: 00B9C57C
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$H_prologfputcfree
  • String ID:
  • API String ID: 3247574066-0
  • Opcode ID: 919e15c23ea02a823a8f6f75a858ad9c4fbf90e8ec6e8a10e959737db117dd07
  • Instruction ID: d0158e8876ef9dc5cc6da4000c3e09577e411c8b4245a3e510bb7ea1d52f95a7
  • Opcode Fuzzy Hash: 919e15c23ea02a823a8f6f75a858ad9c4fbf90e8ec6e8a10e959737db117dd07
  • Instruction Fuzzy Hash: 4CF03032D00015ABCB05BB98DC56AAEFFB6EF94350F1440ABE905632A1EF754A65DFC0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B82B74
    • Part of subcall function 00B7EFE3: __EH_prolog.LIBCMT ref: 00B7EFE8
    • Part of subcall function 00BA6B33: _CxxThrowException.MSVCRT(?,00BDFFC8), ref: 00BA6B59
    • Part of subcall function 00B86287: __EH_prolog.LIBCMT ref: 00B8628C
    • Part of subcall function 00B8315C: __EH_prolog.LIBCMT ref: 00B83161
    • Part of subcall function 00B8255B: __EH_prolog.LIBCMT ref: 00B82560
    • Part of subcall function 00B8255B: strcmp.MSVCRT ref: 00B82614
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$ExceptionThrowstrcmp
  • String ID: Scanning error
  • API String ID: 1140649431-2691707340
  • Opcode ID: e49602ce05a6dbff3229e5c30dade66579f06701944f35b174e8764ae75b6637
  • Instruction ID: 7540bec1a6e9b52cf2766483cfa88bed1fbca0f73ddab68ed992d3221863cbef
  • Opcode Fuzzy Hash: e49602ce05a6dbff3229e5c30dade66579f06701944f35b174e8764ae75b6637
  • Instruction Fuzzy Hash: 790258719042599FCF15EFA4C894AEDBBF0EF18310F1884E9E945AB2A2DB359E44CF50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7A549
    • Part of subcall function 00BC7E10: _beginthreadex.MSVCRT ref: 00BC7E24
  • __aulldiv.LIBCMT ref: 00B7A804
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog__aulldiv_beginthreadex
  • String ID:
  • API String ID: 2901374343-3916222277
  • Opcode ID: aa8082e5c01319d7773a0f7b53f4eacea774745d368200aea3ae9cec88eac1e2
  • Instruction ID: 2647af1a1060bc297e1a4a6e14c7ba4f95ca867b15ee9cedb497e17c74f5ead9
  • Opcode Fuzzy Hash: aa8082e5c01319d7773a0f7b53f4eacea774745d368200aea3ae9cec88eac1e2
  • Instruction Fuzzy Hash: 0CB12BB1D00205DFCB64DF55C8819AEBBF5FF88310B24C5ADE56AA7251D730AE41CB52
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B88308
    • Part of subcall function 00B69312: VariantClear.OLEAUT32(?), ref: 00B69334
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ClearH_prologVariant
  • String ID: Unknown error$Unknown warning
  • API String ID: 1166855276-4291957651
  • Opcode ID: ef80322a68e93f7df36a10b3bb17d12212ac900290045c3e985e26d46fc7ff55
  • Instruction ID: f8e05b4d4fadf82ad3f2bb8514c30cdc40697e76a4ac8698b900a0c2c1616b16
  • Opcode Fuzzy Hash: ef80322a68e93f7df36a10b3bb17d12212ac900290045c3e985e26d46fc7ff55
  • Instruction Fuzzy Hash: 41813A71900609DFCB14EFA8C5809EEB7F5FF58304F9089ADE056A72A1DB74AE09CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CountTickfputs
  • String ID: .
  • API String ID: 290905099-4150638102
  • Opcode ID: 99339f33ec029cf8454a2a1b0319b8ba4be4f356dabd82a46ff7fec1d09e92c5
  • Instruction ID: 177a1e8c83e3da5daca9dc11167e24cd8746efa417ed7a275500cffa9fbb12ea
  • Opcode Fuzzy Hash: 99339f33ec029cf8454a2a1b0319b8ba4be4f356dabd82a46ff7fec1d09e92c5
  • Instruction Fuzzy Hash: 8E714731600B049FDB25EFA5DA91EAEB7F6EF84700F0049ADE18697691DB74BC48CB11
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog__aullrem
  • String ID: wav
  • API String ID: 3415659256-1803495720
  • Opcode ID: 42c1ce91c24773a126e362f71042b4852dd62257586a76364f4b47c63f83374a
  • Instruction ID: f5e717146fd7d3d02fafdf6394bca185ea9be3d0826bc286717083a5b3591f10
  • Opcode Fuzzy Hash: 42c1ce91c24773a126e362f71042b4852dd62257586a76364f4b47c63f83374a
  • Instruction Fuzzy Hash: 7F614932A0820ADBDF21CF94C944BFEB7F1EF46355F2480A9E844AB242D7759E45CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: @$crc
  • API String ID: 3519838083-849529298
  • Opcode ID: 9d6124f213b939be11cd295d47e2d02a4a4a1c55caa262716de444dc58941004
  • Instruction ID: 9d9dbf9dd1e65003b21baffb738e895edcfcb2918649cabf10451e60aa044959
  • Opcode Fuzzy Hash: 9d6124f213b939be11cd295d47e2d02a4a4a1c55caa262716de444dc58941004
  • Instruction Fuzzy Hash: A7513F71D0020ADBCF10EF94D8919FEB7F5EF44360F1584B9E812A7251DB78AA46CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: BlockPackSize$BlockUnpackSize
  • API String ID: 3519838083-5494122
  • Opcode ID: f3ffae557b18024ef85027b20a1611bc0e2d6790038025f36ea3c45d18ba5ec4
  • Instruction ID: cefbb0975a09bc4542b9deb7f6ab246267173cb985ed38e94a95613e4ee7aa1c
  • Opcode Fuzzy Hash: f3ffae557b18024ef85027b20a1611bc0e2d6790038025f36ea3c45d18ba5ec4
  • Instruction Fuzzy Hash: B751B17180D2859EDF798B6884A0AFDBBF1EF1B340F2848DAD096571A1D732D888D705
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B722CD
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B724A5
    • Part of subcall function 00B61E89: free.MSVCRT(?,00B86CD6,00000000,00000000,00000001,?,00B610EB), ref: 00B61E8D
Strings
  • incorrect update switch command, xrefs: 00B72492
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ExceptionH_prologThrowfree
  • String ID: incorrect update switch command
  • API String ID: 2564996034-2497410926
  • Opcode ID: 26f652ae6534a4cc65ace93c341229a09607ea87a5f30bf8d11dc44398c60163
  • Instruction ID: 707ce17ceb505193abc71d9f8affb037a74c92d2de540f816440bfd20f1e1857
  • Opcode Fuzzy Hash: 26f652ae6534a4cc65ace93c341229a09607ea87a5f30bf8d11dc44398c60163
  • Instruction Fuzzy Hash: E7513632D10219DBDF15EB98D842AEDBBF5EF04310F2481D9E52977291CB74AE45CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7DF32
    • Part of subcall function 00B7E0BD: __EH_prolog.LIBCMT ref: 00B7E0C2
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: AES128$AES192
  • API String ID: 3519838083-2727009373
  • Opcode ID: 3c1bcdcee7ea393d19908e20736f38617153a27992497e6d5af7e29e01ac2490
  • Instruction ID: 5de7208ee273f8e928d619dedebf7903ceca484dfe5ece6ccf7e603f0afc6425
  • Opcode Fuzzy Hash: 3c1bcdcee7ea393d19908e20736f38617153a27992497e6d5af7e29e01ac2490
  • Instruction Fuzzy Hash: 07518C71900208ABDF24EF94C992AEDF7F1FF58310F1082ADE46AA7291DB759E04CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologstrcmp
  • String ID: =
  • API String ID: 1490138475-2525689732
  • Opcode ID: cdcda816ed74bccffb0579e38ae276125f8c49ed4c8712498e2e9fb0f08515ba
  • Instruction ID: 7ec79de36e1392b2943dfe8b62fe6a6f4d70bf1606edda073dd61e8d8d384d35
  • Opcode Fuzzy Hash: cdcda816ed74bccffb0579e38ae276125f8c49ed4c8712498e2e9fb0f08515ba
  • Instruction Fuzzy Hash: A7418E30A00645ABDF25FBA8C856BFE7BF29F95300F088499F4023A1E2DF694D45DB51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B6A0BB
    • Part of subcall function 00B69F47: __EH_prolog.LIBCMT ref: 00B69F4C
    • Part of subcall function 00B699D7: GetSystemInfo.KERNEL32(?), ref: 00B699F9
    • Part of subcall function 00B699D7: GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 00B69A13
    • Part of subcall function 00B699D7: GetProcAddress.KERNEL32(00000000), ref: 00B69A1A
  • strcmp.MSVCRT ref: 00B6A127
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog$AddressHandleInfoModuleProcSystemstrcmp
  • String ID: -
  • API String ID: 2798778560-3695764949
  • Opcode ID: 9748c56dee4a772a4154c7ebc4701d44f9d7d9fb3d726b965d15b3a8edee9082
  • Instruction ID: 35b3c5d361c79d42996f0302feb8d3ba7367824b891164a595fbfc1926ae35e5
  • Opcode Fuzzy Hash: 9748c56dee4a772a4154c7ebc4701d44f9d7d9fb3d726b965d15b3a8edee9082
  • Instruction Fuzzy Hash: 32315431C01109ABDF15EBA4D8529EDF7F9AF55700F1440AAF401B2292DB399A08DBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00B69852: GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00B69876
    • Part of subcall function 00B69852: GetProcAddress.KERNEL32(00000000), ref: 00B6987D
  • __aulldiv.LIBCMT ref: 00B9F70F
  • __aulldiv.LIBCMT ref: 00B9F71B
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: __aulldiv$AddressHandleModuleProc
  • String ID: 3333
  • API String ID: 3748425447-2924271548
  • Opcode ID: 4e4f67d3f68f3cdd0f420941f190c910a86f8fc1d7272cca77f3590a90392ea6
  • Instruction ID: b1dceabfba1a6f9f8d3e7d1c2a6e41107271a96503cf715c1c83fe468e9831c5
  • Opcode Fuzzy Hash: 4e4f67d3f68f3cdd0f420941f190c910a86f8fc1d7272cca77f3590a90392ea6
  • Instruction Fuzzy Hash: 5521B5B19007056FDB349FB98881B6BBAFDEB84724F0489BEB046D3241D674AD048B65
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: wcscmp
  • String ID: UNC
  • API String ID: 3392835482-337201128
  • Opcode ID: 9237893f31dec3720b2c0f44b88dd64f19d01c22c72ff64b18e0686a1aa727d9
  • Instruction ID: 8e9541545da26f2f13e1c4bffffc63c7e788860a1d0b24e8c8777c31c9732e57
  • Opcode Fuzzy Hash: 9237893f31dec3720b2c0f44b88dd64f19d01c22c72ff64b18e0686a1aa727d9
  • Instruction Fuzzy Hash: 19213E39300A00DFDB28CF58D994A25B3E5FF85B64B2484EAE6558B3A5DB36EC45CB40
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prologstrlen
  • String ID: sums
  • API String ID: 1633371453-329994169
  • Opcode ID: e335ec48dccb448c2e3814d3652de7ca5ee64c2261f37233363fe545b8a7856a
  • Instruction ID: 03e75e6f9e96ce198d5e628c0cb24084397caefec94574548ca6af02c710e122
  • Opcode Fuzzy Hash: e335ec48dccb448c2e3814d3652de7ca5ee64c2261f37233363fe545b8a7856a
  • Instruction Fuzzy Hash: 8A219A32D001189BDF18EB99D851AEDF7F5EF84B04F1440EAE80173292CB7A5E45C791
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: __aulldivstrlen
  • String ID: M
  • API String ID: 1892184250-3664761504
  • Opcode ID: 09a60940a3f7c14381204f1e3f649e5e64339269a50027163c06437c1d688add
  • Instruction ID: 201cacc509fb760878c11736df938ba7f38840cdea76c5e6a7fd2b28789fe70d
  • Opcode Fuzzy Hash: 09a60940a3f7c14381204f1e3f649e5e64339269a50027163c06437c1d688add
  • Instruction Fuzzy Hash: F911EB316006445BDF15DBB9D991FAEB7EADBC8314F2448BDE283971C1D634BC058320
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __EH_prolog.LIBCMT ref: 00B7263A
  • _CxxThrowException.MSVCRT(?,00BE1428), ref: 00B726D7
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ExceptionH_prologThrow
  • String ID: Unsupported charset:
  • API String ID: 461045715-616772432
  • Opcode ID: 2039f81deaa9ca9b9c781f685e4eaf7f19a72d2363ceb15a8b2449e5c4cbcf5e
  • Instruction ID: fc06ef3698c1e399a901edf7b77f1e5a181b821a9f8eab0245a6e1c353d972c6
  • Opcode Fuzzy Hash: 2039f81deaa9ca9b9c781f685e4eaf7f19a72d2363ceb15a8b2449e5c4cbcf5e
  • Instruction Fuzzy Hash: 0021A172A001099FCF10EF98C891AEDB7F1EF49314F1580EAE9596B255CB35AD45CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: 0$x
  • API String ID: 3519838083-1948001322
  • Opcode ID: 01f4dfc640fb881b233998961164f4485dc9891720ea4aeaad39e064b5a1eef7
  • Instruction ID: 4f61fa96d630740c69ebbe7a6d9b244cd34e4f3a2e950b6f66f5577fd72515c5
  • Opcode Fuzzy Hash: 01f4dfc640fb881b233998961164f4485dc9891720ea4aeaad39e064b5a1eef7
  • Instruction Fuzzy Hash: BF212932D0151A9BDF05DBE8D991AEDF7F5EF48304F2404AAE40177241DB795E05CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs
  • String ID: Decoding ERROR$S
  • API String ID: 1795875747-3281273935
  • Opcode ID: e043916e609e3090284059f63327574eaccb4100c6e8fbdc0bc4a66d35354fe2
  • Instruction ID: 06bbae0bf0392f00eed7ae0ecfbc6f6db5cf3c11d1125d8d051e2d60e624d636
  • Opcode Fuzzy Hash: e043916e609e3090284059f63327574eaccb4100c6e8fbdc0bc4a66d35354fe2
  • Instruction Fuzzy Hash: 6A218931900159CBDF15EBA8D886BDCBBF5EB18314F1401EDE409AB1A1DB386E85CB21
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: BT2$LZMA
  • API String ID: 3519838083-1343681682
  • Opcode ID: 91f1dbba64917d0ac7f73ac8d22c2cff44954ae392875db011ba27c8c9bdf344
  • Instruction ID: 8183d2ce080673ec6fb21b94102a19b045873e3fc31c1479f991a814265d5ed3
  • Opcode Fuzzy Hash: 91f1dbba64917d0ac7f73ac8d22c2cff44954ae392875db011ba27c8c9bdf344
  • Instruction Fuzzy Hash: FD115B71A24218BADB18EBA0CC52FEDB7F0AF15B40F0040A9F116761E2EFA45A04CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: H_prolog
  • String ID: / $ :
  • API String ID: 3519838083-1815150141
  • Opcode ID: b4d53add3577e0f07ef021ff74135870d83c73625d8b83c32bf48065d55b1b77
  • Instruction ID: b130833754d93416c5d99198882546b05a9bbe84f7b2b3509a2f4a6314602ebc
  • Opcode Fuzzy Hash: b4d53add3577e0f07ef021ff74135870d83c73625d8b83c32bf48065d55b1b77
  • Instruction Fuzzy Hash: C611D432910619DBDF14EBA8CC92EEDB3F4BF58300F1448AAE11676191DB78AA04CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorH_prologLast
  • String ID: :
  • API String ID: 1057991267-3653984579
  • Opcode ID: 618899d1bf17aa537bc4bbd9ecce452a08bdb2989eb6383f8b21702ae27ccd72
  • Instruction ID: 23c98ba5335773851e7e0e15812ba1406899b500892dcaa32dd9fb9dce28690d
  • Opcode Fuzzy Hash: 618899d1bf17aa537bc4bbd9ecce452a08bdb2989eb6383f8b21702ae27ccd72
  • Instruction Fuzzy Hash: 8411C436E10205DBCB05EBA4D816BDEBBF5EF94310F1440A9E805B3291DF759E05CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • Cannot open encrypted archive. Wrong password?, xrefs: 00B974C7
  • Cannot open the file as archive, xrefs: 00B974FF
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs
  • String ID: Cannot open encrypted archive. Wrong password?$Cannot open the file as archive
  • API String ID: 1795875747-1623556331
  • Opcode ID: 9229151ddcaedbcf6ff23fbc0ef7aa45db321a6cef3273e4df0f8487c10a8810
  • Instruction ID: 01b913213ac757c03be908a971e4dd0650c6a93da51268742b7c897a43900e76
  • Opcode Fuzzy Hash: 9229151ddcaedbcf6ff23fbc0ef7aa45db321a6cef3273e4df0f8487c10a8810
  • Instruction Fuzzy Hash: FE01A231358200ABDA05E7989895AAEB7D7EFC8300B1848ABF40643782DF74A801DB51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00B655F5,00000000,00000000), ref: 00B656B8
Strings
  • Internal Error: The failure in hardware (RAM or CPU), OS or program, xrefs: 00B6569A
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: FormatMessage
  • String ID: Internal Error: The failure in hardware (RAM or CPU), OS or program
  • API String ID: 1306739567-2427807339
  • Opcode ID: 450a0792671a6cfdfc26b2a7890a82179a4db3107bcaa3e10eef634483d2fd9a
  • Instruction ID: 4e75521022e1bac6020d9abd59d64ccab8f49a87ec9fded5ee5762e409904eb3
  • Opcode Fuzzy Hash: 450a0792671a6cfdfc26b2a7890a82179a4db3107bcaa3e10eef634483d2fd9a
  • Instruction Fuzzy Hash: 7DE02BB0205600BFAF151B50DC56CBF73ECCB4070572041D4F80292160F9584F11E6B4
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs
  • String ID: =
  • API String ID: 1795875747-2525689732
  • Opcode ID: 11c2920504d6832e43c3f97b14167d398270358df0eb246b200a8711c149c648
  • Instruction ID: b1660123e361169f1de3a2efdcaf011d42d2e426dafbfd7d7ede0ececf54d32c
  • Opcode Fuzzy Hash: 11c2920504d6832e43c3f97b14167d398270358df0eb246b200a8711c149c648
  • Instruction Fuzzy Hash: 5BE0D831A001269BCF00A7989C45CAF7BFAEB80750B1408B3E91097250FB30D8118BD0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • OpenEventW.KERNEL32(00000002,00000000,?,Unsupported Map data size,?,?,00B71F5B,?,?,?,00000000), ref: 00B71FB0
  • GetLastError.KERNEL32(?,00B71F5B,?,?,?,00000000), ref: 00B71FBD
Strings
  • Unsupported Map data size, xrefs: 00B71FA3
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: ErrorEventLastOpen
  • String ID: Unsupported Map data size
  • API String ID: 330508107-1172413320
  • Opcode ID: 79fe0da57a9737a64390ff88786cb34b1f76ec44cdee7ad8cbf67595920e09ac
  • Instruction ID: a02cec8a1d4b0dc81fedd6d765b4f792b3308f0a5a3f1347f6c96954a5521171
  • Opcode Fuzzy Hash: 79fe0da57a9737a64390ff88786cb34b1f76ec44cdee7ad8cbf67595920e09ac
  • Instruction Fuzzy Hash: EDE06D71600204EBEB14EFA8DC17B9DB7E8EF00744F2044AEE405E2090FF716E00AA24
Uniqueness

Uniqueness Score: -1.00%

APIs
  • fputs.MSVCRT ref: 00B983C3
  • fputs.MSVCRT ref: 00B983CC
    • Part of subcall function 00B6224A: fputs.MSVCRT ref: 00B62267
    • Part of subcall function 00B61FE9: fputc.MSVCRT ref: 00B61FF0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: fputs$fputc
  • String ID: Archives
  • API String ID: 1185151155-454332015
  • Opcode ID: 00e3adb57abdedaa0a0ddb8945f260c4173aee0da96d48cde5dd820e22ca5c97
  • Instruction ID: c7b35168ece76c9fe6b896e315543f6fdfc4fcf744fc8457981ae3288b3a236d
  • Opcode Fuzzy Hash: 00e3adb57abdedaa0a0ddb8945f260c4173aee0da96d48cde5dd820e22ca5c97
  • Instruction Fuzzy Hash: CBD012322042116BCB117BA99C25C5EBAE6EFC47107050C5FF480431A1DA7548559FA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00BC6CA0: EnterCriticalSection.KERNEL32(?,?,?,00BC6439), ref: 00BC6CA8
    • Part of subcall function 00BC6CA0: LeaveCriticalSection.KERNEL32(?,?,?,00BC6439), ref: 00BC6CB2
  • EnterCriticalSection.KERNEL32(?), ref: 00BC65FE
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC6618
  • EnterCriticalSection.KERNEL32(?), ref: 00BC6682
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC66A8
  • EnterCriticalSection.KERNEL32(?), ref: 00BC670E
  • LeaveCriticalSection.KERNEL32(?), ref: 00BC6746
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$EnterLeave
  • String ID:
  • API String ID: 3168844106-0
  • Opcode ID: f33ddf1c6d34dc2b1cacc8767a1bd8c67e3fd57c3325bc5eb4dae3db6652abd7
  • Instruction ID: 8f5c10002196c231a99f54febc007553a4a6836cf9f903849c01a731b96df0f3
  • Opcode Fuzzy Hash: f33ddf1c6d34dc2b1cacc8767a1bd8c67e3fd57c3325bc5eb4dae3db6652abd7
  • Instruction Fuzzy Hash: 54610475604B018FC764DF24C580F6BB3E1FF98314F204AAEE8AA87255EB30E945CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00BC7D90: WaitForSingleObject.KERNEL32(?,000000FF,00B79D84,?), ref: 00BC7D93
    • Part of subcall function 00BC7D90: GetLastError.KERNEL32(?,000000FF,00B79D84,?), ref: 00BC7D9E
  • EnterCriticalSection.KERNEL32(?), ref: 00BBCF6B
  • EnterCriticalSection.KERNEL32(?), ref: 00BBCF74
  • LeaveCriticalSection.KERNEL32(?), ref: 00BBCF96
  • LeaveCriticalSection.KERNEL32(?), ref: 00BBCF99
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: CriticalSection$EnterLeave$ErrorLastObjectSingleWait
  • String ID:
  • API String ID: 2116739831-0
  • Opcode ID: 67ce177993f1bf88a2975773c3fc01d87a7197cbe02efc4d08f223cbc31ec1a3
  • Instruction ID: afa0704032cab723bb049b60d9f371ccf340a4f1ec29405c283fa22395ad358c
  • Opcode Fuzzy Hash: 67ce177993f1bf88a2975773c3fc01d87a7197cbe02efc4d08f223cbc31ec1a3
  • Instruction Fuzzy Hash: 95412C71604B06AFC718EF78C894AEAF3E5FF48310F00866EE5AA43641DB75B955CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 8ad87436ba8c9bac13a632ee7bbe8cfc67bf821762121c48a4a4bf6c41dfd74a
  • Instruction ID: 4bef41005003c1697c2b6b4863b136d4f8a9b45e00f628c3c656031cbdc3140e
  • Opcode Fuzzy Hash: 8ad87436ba8c9bac13a632ee7bbe8cfc67bf821762121c48a4a4bf6c41dfd74a
  • Instruction Fuzzy Hash: 1901C47234020677D7246B24CC42FBAB3E5DB94750F0544BDFD85EA2A2F7A0B950D798
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.1649078239.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
  • Associated: 00000000.00000002.1649064286.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649117337.0000000000BD9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649135703.0000000000BEA000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1649150989.0000000000BF2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_b60000_7zr.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: 6c604d12b0aa9d1581ffa6488f300fee80ee859abe14cf48afe08a5e5ad9a7d4
  • Instruction ID: 3792e00569bcffc1e875e1c21ff2a3f6802ff9796ec9a3b95dffe534d5c5fe95
  • Opcode Fuzzy Hash: 6c604d12b0aa9d1581ffa6488f300fee80ee859abe14cf48afe08a5e5ad9a7d4
  • Instruction Fuzzy Hash: 52010871340305B7CB105B15CC42FB973D49B94B50F0444BEFE85EA282F661B9509299
Uniqueness

Uniqueness Score: -1.00%