
Windows Analysis Report
sample.exe

Overview

General Information

Sample name: sample.exe
Analysis ID: 1375833
MD5: a3fd043c364d24fce08095727ae115d0
SHA1: 3ebe5124d8ece2611428289c86545d33a4d72179
SHA256: 72ec81e0bb6f6800fcd48affcedd6b377b1e1ac4e78f06b0b35a494ec43529e7

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Early bird code injection technique detected
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject code into remote processes
Drops PE files to the document folder of the user
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sleep loop found (likely to delay execution)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • sample.exe (PID: 6504 cmdline: C:\Users\user\Desktop\sample.exe MD5: A3FD043C364D24FCE08095727AE115D0)
    • msiexec.exe (PID: 6672 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • WerFault.exe (PID: 4284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 1592 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • explorer.exe (PID: 7008 cmdline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • explorer.exe (PID: 3192 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • msedge.exe (PID: 6020 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: A3FD043C364D24FCE08095727AE115D0)
    • msedge.exe (PID: 2128 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: A3FD043C364D24FCE08095727AE115D0)
      • msiexec.exe (PID: 2836 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://whois.pconline.com.cn/ipJson.jsp6Avira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jspkAvira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jspHAvira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jspnAvira URL Cloud: Label: malware
Source: C:\Users\user\Documents\msedge.exeJoe Sandbox ML: detected
Source: sample.exeJoe Sandbox ML: detected
Source: sample.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\sample.exeFile opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: msiexec.pdb source: sample.exe, 00000000.00000003.1721984810.0000000000595000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000001.00000000.1722509844.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 00000009.00000002.1892708606.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: Binary string: \Plugins\Release\online.pdb source: msiexec.exe, msiexec.exe, 00000009.00000002.1892394603.0000000000470000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1893284397.0000000010012000.00000002.00001000.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: sample.exe, 00000000.00000003.1721984810.0000000000595000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000000.1722509844.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 00000009.00000002.1892708606.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr

Networking

Source: global trafficTCP traffic: 206.238.220.90 ports 16037,0,1,3,6,7
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 206.238.220.90:16037
Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 14.29.101.169:80
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 14.29.101.160:80
Source: global trafficTCP traffic: 192.168.2.4:49739 -> 14.29.101.168:80
Source: unknownTCP traffic detected without corresponding DNS query: 206.238.220.90
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_004012D0 GetProcAddress,recv,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z,FreeLibrary,WSACleanup,0_2_004012D0
Source: unknownDNS traffic detected: queries for: whois.pconline.com.cn
Source: Amcache.hve.14.drString found in binary or memory: http://upx.sf.net
Source: msiexec.exe, 00000009.00000002.1893284397.0000000010012000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp
Source: msiexec.exe, 00000001.00000002.2459248068.0000000003387000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp6
Source: msiexec.exe, 00000001.00000002.2459248068.00000000033A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jspH
Source: msiexec.exe, 00000001.00000002.2459427614.0000000004DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jspk
Source: msiexec.exe, 00000001.00000002.2459248068.00000000033A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jspn
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_006C63E3 GetVersionExW,GetCurrentProcess,NtQueryInformationProcess,GetCommandLineW,GetStdHandle,GetFileType,memset,memset,RegQueryValueExW,RegCloseKey,RegQueryValueExW,RegCloseKey,CompareStringW,CompareStringW,CompareStringW,memset,GlobalFree,lstrlenW,GlobalFree,CoInitialize,CoRegisterClassObject,GetCurrentThread,OpenThreadToken,GetLastError,OpenEventW,WaitForSingleObject,CloseHandle,RevertToSelf,RegCloseKey,RegEnumKeyW,RevertToSelf,GetCurrentProcess,OpenProcessToken,GetTokenInformation,EqualSid,CloseHandle,GetLastError,memset,CloseHandle,MakeAbsoluteSD,GetLastError,CloseHandle,CloseHandle,CreateEventW,CloseHandle,CreateEventW,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,TranslateMessage,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CoRevokeClassObject,CoUninitialize,GetLastError,GetMessageW,TranslateMessage,DispatchMessageW,1_2_006C63E3
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_100057B0 InterlockedExchange,ExitWindowsEx,0_2_100057B0
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_02657634 ExitWindowsEx,0_2_02657634
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_100057B0 InterlockedExchange,ExitWindowsEx,1_2_100057B0
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_030075EC ExitWindowsEx,1_2_030075EC
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_100057B0 InterlockedExchange,ExitWindowsEx,7_2_100057B0
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_02477634 ExitWindowsEx,7_2_02477634
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_100057B0 InterlockedExchange,ExitWindowsEx,9_2_100057B0
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_004775EC ExitWindowsEx,9_2_004775EC
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_100024D0
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_0265411C
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_006C63E3
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_100024D0
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_030040D4
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_100024D0
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_0247411C
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_100024D0
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_004740D4
Source: C:\Program Files (x86)\msiexec.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 1592
Source: sample.exe, 00000000.00000003.1721984810.0000000000595000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs sample.exe
Source: sample.exe, 00000000.00000003.1721927857.0000000000599000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOCK.EXE vs sample.exe
Source: sample.exe, 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameLOCK.EXE vs sample.exe
Source: sample.exeBinary or memory string: OriginalFilenameLOCK.EXE vs sample.exe
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sfc.dll
Source: classification engineClassification label: mal92.troj.evad.winEXE@11/8@1/4
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DE90
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_006C2F93 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,1_2_006C2F93
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,1_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,1_2_1000DD00
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,7_2_1000DE90
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,7_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DD00
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_10005720 OutputDebugStringA,CreateToolhelp32Snapshot,Process32First,_mbsicmp,Process32Next,FindCloseChangeNotification,0_2_10005720
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_006C7DD0 StartServiceCtrlDispatcherW,GetLastError,1_2_006C7DD0
Source: C:\Users\user\Desktop\sample.exeFile created: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\sample.exeFile created: C:\Users\user\Documents\msedge.exe
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6672
Source: C:\Program Files (x86)\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\1:16037
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\b1578100-869b-4ec6-bf2e-f68f87d9d0c8
Source: unknownProcess created: C:\Windows\explorer.exe
Source: sample.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\sample.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\sample.exeFile read: C:\Users\user\Desktop\sample.exe
Source: unknownProcess created: C:\Users\user\Desktop\sample.exe C:\Users\user\Desktop\sample.exe
Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Documents\msedge.exe "C:\Users\user\Documents\msedge.exe"
Source: C:\Users\user\Documents\msedge.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 1592
Source: C:\Program Files (x86)\msiexec.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_10005610 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LoadLibraryA,GetProcAddress,CloseHandle,FreeLibrary,0_2_10005610
Source: msiexec.exe.0.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_00402460 push eax; ret 0_2_0040248E
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_10010039 push ecx; ret 0_2_1001004C
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_10010275 push ecx; ret 0_2_10010288
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_1000EBE0 push 3B000002h; ret 0_2_1000EBE5
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_02661EC1 push ecx; ret 0_2_02661ED4
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_0266082C push 3B000002h; ret 0_2_02660831
Source: C:\Users\user\Desktop\sample.exeCode function: 0_2_02661C85 push ecx; ret 0_2_02661C98
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_006C9F2D push ecx; ret 1_2_006C9F40
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_10010039 push ecx; ret 1_2_1001004C
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_10010275 push ecx; ret 1_2_10010288
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_1000EBE0 push 3B000002h; ret 1_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_030107E4 push 3B000002h; ret 1_2_030107E9
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_03011E79 push ecx; ret 1_2_03011E8C
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_03011C3D push ecx; ret 1_2_03011C50
Source: C:\Users\user\Documents\msedge.exeCode function: 4_2_00402460 push eax; ret 4_2_0040248E
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_00402460 push eax; ret 7_2_0040248E
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_10010039 push ecx; ret 7_2_1001004C
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_10010275 push ecx; ret 7_2_10010288
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_1000EBE0 push 3B000002h; ret 7_2_1000EBE5
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_02481EC1 push ecx; ret 7_2_02481ED4
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_0248082C push 3B000002h; ret 7_2_02480831
Source: C:\Users\user\Documents\msedge.exeCode function: 7_2_02481C85 push ecx; ret 7_2_02481C98
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_10010039 push ecx; ret 9_2_1001004C
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_10010275 push ecx; ret 9_2_10010288
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_1000EBE0 push 3B000002h; ret 9_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_00481C3D push ecx; ret 9_2_00481C50
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_00481E79 push ecx; ret 9_2_00481E8C
Source: C:\Program Files (x86)\msiexec.exeCode function: 9_2_004807E4 push 3B000002h; ret 9_2_004807E9

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\sample.exeFile created: C:\Users\user\Documents\msedge.exe
Source: C:\Users\user\Desktop\sample.exeFile created: C:\Program Files (x86)\msiexec.exe
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C7DD0 StartServiceCtrlDispatcherW,GetLastError,1_2_006C7DD0
Source: C:\Program Files (x86)\msiexec.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_00401A60 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379,0_2_00401A60
Source: C:\Users\user\Documents\msedge.exe | Code function: 4_2_00401A60 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379,4_2_00401A60
Source: C:\Users\user\Documents\msedge.exe | Code function: 7_2_00401A60 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379,7_2_00401A60
Source: C:\Users\user\Desktop\sample.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\msedge.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\msedge.exe | Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\msiexec.exe | Window / User API: threadDelayed 3726
Source: C:\Users\user\Desktop\sample.exe | API coverage: 8.6 %
Source: C:\Program Files (x86)\msiexec.exe | API coverage: 8.6 %
Source: C:\Users\user\Documents\msedge.exe | API coverage: 7.8 %
Source: C:\Program Files (x86)\msiexec.exe | API coverage: 4.4 %
Source: C:\Users\user\Desktop\sample.exe TID: 6500 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\msiexec.exe TID: 6796 | Thread sleep count: 3726 > 30
Source: C:\Program Files (x86)\msiexec.exe TID: 6796 | Thread sleep time: -37260s >= -30000s
Source: C:\Users\user\Documents\msedge.exe TID: 4592 | Thread sleep count: 31 > 30
Source: C:\Users\user\Documents\msedge.exe TID: 6264 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\msiexec.exe | Last function: Thread delayed
Source: C:\Program Files (x86)\msiexec.exe | Thread sleep count: Count: 3726 delay: -10
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_10006970 GetModuleHandleW,GetProcAddress,OutputDebugStringA,memset,memset,gethostname,gethostbyname,inet_ntoa,strcat_s,strcat_s,strcat_s,inet_ntoa,strcat_s,strcat_s,inet_addr,wsprintfA,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,GlobalMemoryStatusEx,OutputDebugStringA,capGetDriverDescriptionA,wsprintfA,OutputDebugStringA,OutputDebugStringA,??3@YAXPAX@Z,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_10006970
Source: Amcache.hve.14.dr | Binary or memory string: VMware
Source: Amcache.hve.14.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.14.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.14.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.14.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.14.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.14.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: explorer.exe, 00000003.00000002.2449212607.000000000146F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: msiexec.exe, 00000001.00000002.2459248068.000000000335A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000002.2459248068.00000000033C0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.14.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: sample.exe, 00000000.00000003.1723009880.000000000057B000.00000004.00000020.00020000.00000000.sdmp, sample.exe, 00000000.00000003.1722978173.000000000057B000.00000004.00000020.00020000.00000000.sdmp, sample.exe, 00000000.00000002.1723596175.000000000057B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
Source: msedge.exe, 00000007.00000002.1919229463.00000000006FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
Source: Amcache.hve.14.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.14.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.14.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.14.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.14.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.14.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: explorer.exe, 00000003.00000002.2449212607.000000000146F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`$@
Source: msiexec.exe, 00000009.00000002.1892846141.00000000028DA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls
Source: Amcache.hve.14.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.14.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.14.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.14.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.14.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.14.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: explorer.exe, 00000003.00000003.2448162358.0000000001460000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: Amcache.hve.14.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.14.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.14.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.14.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.14.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.14.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Program Files (x86)\msiexec.exe | API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\sample.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Program Files (x86)\msiexec.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Program Files (x86)\msiexec.exe | Process queried: DebugPort
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_10006970 GetModuleHandleW,GetProcAddress,OutputDebugStringA,memset,memset,gethostname,gethostbyname,inet_ntoa,strcat_s,strcat_s,strcat_s,inet_ntoa,strcat_s,strcat_s,inet_addr,wsprintfA,OutputDebugStringA,LdrInitializeThunk,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,GlobalMemoryStatusEx,OutputDebugStringA,capGetDriverDescriptionA,wsprintfA,OutputDebugStringA,OutputDebugStringA,??3@YAXPAX@Z,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,??3@YAXPAX@Z,1_2_10006970
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C59F2 GetLastError,RegQueryValueExW,RegCloseKey,GlobalFree,RegCreateKeyExW,RegSetValueExW,lstrlenW,RegSetValueExW,RegCloseKey,memset,OutputDebugStringW,SetLastError,1_2_006C59F2
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_10005610 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LoadLibraryA,GetProcAddress,CloseHandle,FreeLibrary,0_2_10005610
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C63E3 mov eax, dword ptr fs:[00000030h] 1_2_006C63E3
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_10006010 VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualAlloc,VirtualAlloc,memcpy,0_2_10006010
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_02661788 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02661788
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C9C10 SetUnhandledExceptionFilter,1_2_006C9C10
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C95F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_006C95F0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,1_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_03011740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_03011740
Source: C:\Users\user\Documents\msedge.exe | Code function: 7_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,7_2_1000FB3C
Source: C:\Users\user\Documents\msedge.exe | Code function: 7_2_02481788 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_02481788
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,9_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_00481740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00481740

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\sample.exe | Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Documents\msedge.exe | Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\sample.exe | Memory allocated: C:\Program Files (x86)\msiexec.exe base: 3000000 protect: page execute and read and write
Source: C:\Users\user\Documents\msedge.exe | Memory allocated: C:\Program Files (x86)\msiexec.exe base: 470000 protect: page execute and read and write
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_100052B0 OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,memset,OutputDebugStringA,CreateProcessA,CreateProcessA,memset,??2@YAPAXI@Z,GetNativeSystemInfo,GetSystemWow64DirectoryA,GetSystemDirectoryA,OutputDebugStringA,SHGetFolderPathA,sprintf_s,CopyFileA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,OutputDebugStringA,Wow64SuspendThread,OutputDebugStringA,VirtualAllocEx,OutputDebugStringA,WriteProcessMemory,OutputDebugStringA,QueueUserAPC,ResumeThread,0_2_100052B0
Source: C:\Users\user\Desktop\sample.exe | Thread APC queued: target process: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\sample.exe | Memory written: C:\Program Files (x86)\msiexec.exe base: 3000000
Source: C:\Users\user\Documents\msedge.exe | Memory written: C:\Program Files (x86)\msiexec.exe base: 470000
Source: C:\Users\user\Desktop\sample.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Users\user\Documents\msedge.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C31A9 FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,GetLengthSid,memset,GlobalAlloc,InitializeAcl,AddAccessAllowedAce,GetAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetSecurityDescriptorLength,MakeSelfRelativeSD,GetLastError,GlobalFree,GetLastError,FreeSid,1_2_006C31A9
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C30F2 AllocateAndInitializeSid,GetLastError,GetLengthSid,FreeSid,GetLengthSid,memcpy,FreeSid,1_2_006C30F2
Source: sample.exe, msedge.exe.0.dr | Binary or memory string: !Shell_TrayWnd
Source: sample.exe, msedge.exe.0.dr | Binary or memory string: Shell_TrayWnd
Source: C:\Program Files (x86)\msiexec.exe | Code function: memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,1_2_006C5C84
Source: C:\Users\user\Desktop\sample.exe | Code function: 0_2_10010474 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_10010474
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_006C5C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,1_2_006C5C84
Source: msiexec.exe, msiexec.exe, 00000009.00000002.1892394603.0000000000470000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1893284397.0000000010012000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: kxetray.exe
Source: Amcache.hve.14.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.14.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: msiexec.exe, msiexec.exe, 00000009.00000002.1892394603.0000000000470000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1893284397.0000000010012000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: 360Tray.exe
Source: Amcache.hve.14.dr | Binary or memory string: MsMpEng.exe
Source: C:\Windows\explorer.exe | Directory queried: C:\Users\user\Documents
MITRE ATT&CK Matrix (techniques listed by tactic; numbers in parentheses are the per-technique counts shown in the matrix):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Service Execution (2); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: Windows Service (3); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: Access Token Manipulation (1); Windows Service (3); Process Injection (512); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); RC Scripts; Startup Items
Defense Evasion: Masquerading (12); Virtualization/Sandbox Evasion (141); Access Token Manipulation (1); Process Injection (512); Obfuscated Files or Information (1); DLL Side-Loading (1); Compile After Delivery
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: System Time Discovery (1); Security Software Discovery (151); Virtualization/Sandbox Evasion (141); Process Discovery (3); Application Window Discovery (11); File and Directory Discovery (11); System Information Discovery (14)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Local System (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Command and Control: Encrypted Channel (1); Non-Standard Port (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (1); Multiband Communication; Commonly Used Port
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
[Behavior Graph: ID 1375833, Sample: sample.exe, Startdate: 17/01/2024, Architecture: WINDOWS, Score: 92; graphic not reproducible in text]

Source | Detection | Scanner | Label
sample.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\Documents\msedge.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\msiexec.exe | 0% | ReversingLabs |
C:\Program Files (x86)\msiexec.exe | 0% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
whois.pconline.com.cn.ctadns.cn | 1% | Virustotal |
whois.pconline.com.cn | 0% | Virustotal |

Source | Detection | Scanner | Label
http://whois.pconline.com.cn/ipJson.jsp | 0% | Avira URL Cloud | safe
http://whois.pconline.com.cn/ipJson.jsp6 | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jspk | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jspH | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jspn | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jspn | 0% | Virustotal |
http://whois.pconline.com.cn/ipJson.jsp6 | 0% | Virustotal |
http://whois.pconline.com.cn/ipJson.jspk | 0% | Virustotal |
http://whois.pconline.com.cn/ipJson.jsp | 0% | Virustotal |
http://whois.pconline.com.cn/ipJson.jspH | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
whois.pconline.com.cn.ctadns.cn | 14.29.101.169 | true | false | | unknown
whois.pconline.com.cn | unknown | unknown | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jspn | msiexec.exe, 00000001.00000002.2459248068.00000000033A6000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://upx.sf.net | Amcache.hve.14.dr | false | | high
http://whois.pconline.com.cn/ipJson.jspk | msiexec.exe, 00000001.00000002.2459427614.0000000004DD0000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ipJson.jspH | msiexec.exe, 00000001.00000002.2459248068.00000000033A6000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ipJson.jsp6 | msiexec.exe, 00000001.00000002.2459248068.0000000003387000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ipJson.jsp | msiexec.exe, 00000009.00000002.1893284397.0000000010012000.00000002.00001000.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
14.29.101.169 | whois.pconline.com.cn.ctadns.cn | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
206.238.220.90 | unknown | United States | 174 | COGENT-174US | true
14.29.101.168 | unknown | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
14.29.101.160 | unknown | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1375833
Start date and time: 2024-01-17 04:01:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: sample.exe
Detection: MAL
Classification: mal92.troj.evad.winEXE@11/8@1/4
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 76
• Number of non-executed functions: 349
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.182.143.212
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target msedge.exe, PID 6020 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:02:20 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered explorer "C:\Users\user\Documents\msedge.exe"
04:02:56 | API Interceptor | 812x Sleep call for process: msiexec.exe modified
04:03:30 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match (IP) | Associated Sample Name / URL | Detection | Threat Name | Context
14.29.101.169 | 7r7iKqMM88.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp?callback=jsShow
14.29.101.168 | 7r7iKqMM88.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp?callback=jsShow
14.29.101.168 | fdnbdfbsb.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp
14.29.101.168 | fdnbdfbsb.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp
14.29.101.168 | Wolf.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp
14.29.101.160 | 7r7iKqMM88.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp?callback=jsShow
Match (Domain) | Associated Sample Name / URL | Detection | Threat Name | Context
whois.pconline.com.cn.ctadns.cn | 7r7iKqMM88.exe | malicious | Unknown | 14.29.101.160
whois.pconline.com.cn.ctadns.cn | 7r7iKqMM88.exe | malicious | Unknown | 14.29.101.168
whois.pconline.com.cn.ctadns.cn | fdnbdfbsb.exe | malicious | Unknown | 14.29.101.168
whois.pconline.com.cn.ctadns.cn | fdnbdfbsb.exe | malicious | Unknown | 14.29.101.168
whois.pconline.com.cn.ctadns.cn | Wolf.exe | malicious | Unknown | 115.231.173.59
whois.pconline.com.cn.ctadns.cn | Wolf.exe | malicious | Unknown | 14.29.101.168
whois.pconline.com.cn.ctadns.cn | Iu2sShP39b.exe | malicious | Unknown | 121.14.45.22
whois.pconline.com.cn.ctadns.cn | Iu2sShP39b.exe | malicious | Unknown | 121.14.45.20
whois.pconline.com.cn.ctadns.cn | 7jA44GSEZf.exe | malicious | Unknown | 121.14.45.21
whois.pconline.com.cn.ctadns.cn | 7jA44GSEZf.exe | malicious | Unknown | 121.14.45.19
whois.pconline.com.cn.ctadns.cn | SBIrg6KygK.exe | malicious | Unknown | 121.14.45.19
whois.pconline.com.cn.ctadns.cn | SBIrg6KygK.exe | malicious | Unknown | 121.14.45.21
whois.pconline.com.cn.ctadns.cn | uUdRLGRGrU.exe | malicious | Unknown | 121.14.45.22
whois.pconline.com.cn.ctadns.cn | uUdRLGRGrU.exe | malicious | Unknown | 121.14.45.21
whois.pconline.com.cn.ctadns.cn | 5IWAoAL05H.exe | malicious | Unknown | 121.14.45.23
whois.pconline.com.cn.ctadns.cn | 5IWAoAL05H.exe | malicious | Unknown | 121.14.45.19
whois.pconline.com.cn.ctadns.cn | KPqFz7E8fZ.exe | malicious | Unknown | 121.14.45.19
whois.pconline.com.cn.ctadns.cn | KPqFz7E8fZ.exe | malicious | Unknown | 121.14.45.21
whois.pconline.com.cn.ctadns.cn | GSaGQ2tFGO.exe | malicious | Unknown | 121.14.45.23
Match (ASN) | Associated Sample Name / URL | Detection | Threat Name | Context
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | QzvyLl6PTx.elf | malicious | Mirai | 14.23.101.197
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | skyljne.mips-20240113-1800.elf | malicious | Mirai | 113.104.169.239
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | nfulha516h.elf | malicious | Mirai | 113.104.107.8
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | GclZhHgdc9.elf | malicious | Mirai | 113.104.107.8
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | dV50CvXGXi.elf | malicious | Mirai | 42.240.232.18
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | 28UlG1fA5p.elf | malicious | Mirai | 14.22.222.60
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | if33NMq1O2.elf | malicious | Mirai | 14.22.222.69
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | http://114.67.217.170/bins/sora.x86 | malicious | Unknown | 114.67.217.170
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | telx86-20231224-0150.elf | malicious | Mirai | 45.116.63.190
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | x86-20231214-0334.elf | malicious | Mirai | 113.97.62.191
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | x86-20231212-1319.elf | malicious | Mirai | 121.14.0.6
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | p34XVUW8pN.elf | malicious | Mirai | 121.15.108.7
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | lyLTUlEEaD.elf | malicious | Mirai | 113.99.33.193
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | ZsgAt85vHl.elf | malicious | Unknown | 14.29.123.255
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | https://steam.guesskings.com/profiles/76561199240493541 | malicious | Unknown | 106.75.190.49
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | https://steam.guesskings.com/profiles/76561199240493541 | malicious | Unknown | 106.75.190.49
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | wMFVAaZ5ki.elf | malicious | Mirai | 113.103.67.209
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | VLMEMjKea7.elf | malicious | Mirai | 113.100.2.164
CT-GUANGZHOU-IDC CHINANET Guangdong province network CN | fPENePc786.elf | malicious | Mirai | 14.22.234.76
COGENT-174 US | https://nhh1.pages.dev/ | malicious | HTMLPhisher | 38.91.45.7
COGENT-174 US | file.exe | malicious | HTMLPhisher, Fabookie, Glupteba, GuLoader, Stealc | 38.6.193.13
COGENT-174 US | file.exe | malicious | HTMLPhisher, Fabookie, GuLoader, Stealc, Vidar | 38.6.193.13
COGENT-174 US | rSPAREPARTSLISTS.exe | malicious | FormBook, GuLoader | 38.173.16.130
COGENT-174 US | X73WpHC3gP.exe | malicious | Unknown | 206.238.199.149
COGENT-174 US | http://royalmailer.life | malicious | Unknown | 38.60.212.241
COGENT-174 US | huhu.mips.elf | malicious | Mirai | 154.7.203.221
COGENT-174 US | https://dhl-polska.crabdance.com/oplata/billing.php | malicious | Unknown | 149.100.158.211
COGENT-174 US | https://filf.pages.dev/ | malicious | HTMLPhisher | 38.98.69.175
COGENT-174 US | RlvKA19dEC.exe | malicious | BazaLoader | 50.7.14.36
COGENT-174 US | skyljne.mips.elf | malicious | Mirai | 38.188.252.204
COGENT-174 US | skyljne.arm5.elf | malicious | Mirai | 136.161.34.67
COGENT-174 US | skyljne.x86_64.elf | malicious | Mirai | 38.161.13.44
COGENT-174 US | skyljne.arm7.elf | malicious | Mirai | 149.122.79.233
COGENT-174 US | pODiBEZJjp.elf | malicious | Mirai | 154.60.6.216
COGENT-174 US | QzvyLl6PTx.elf | malicious | Mirai | 38.137.36.237
COGENT-174 US | xkurXCPbpb.elf | malicious | Mirai | 154.18.45.174
COGENT-174 US | 6HKlYaVUOY.elf | malicious | Mirai | 38.247.92.195
COGENT-174 US | oawyuZdHQO.elf | malicious | Mirai | 38.122.68.242
    No context
    No context
Process: C:\Users\user\Desktop\sample.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: modified
Size (bytes): 59904
Entropy (8bit): 5.770776695007155
Encrypted: false
SSDEEP: 768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
MD5: 9D09DC1EDA745A5F87553048E57620CF
SHA1: 1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
SHA-256: 3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
SHA-512: 2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Reputation: low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...tkq.tkq.tkq.`.r.skq.`.t.zkq.`.p.ykq.tkp..kq.`.x.wkq.`.u.=kq.`...ukq.`.s.ukq.Richtkq.........PE..L....E.%.....................^......0.............@.......................... ......\.....@...... ...................................................................(..T...............................@.......................@....................text...d........................... ..`.data...............................@....idata..............................@..@.didat..L...........................@....rsrc............ ..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.0620407663582367
Encrypted: false
SSDEEP: 192:I+GDW8NT0BU/gjeT6HEcpZZzuiFSZ24IO8R:g68NABU/gje2ZzuiFSY4IO8R
MD5: 96A23DBBED8BC363B3D594D7E5006B35
SHA1: EDC41DB4D73364E4CE1D5A19B4A19AE032C3A009
SHA-256: A1DDD613E552EF156CCE2B443E0D3DF89C905AEA0BE387F61FABF40E3A11C926
SHA-512: 2C21BCB880EEFE4B151216DE19C453680610AE0DCC2FC5E4FA5CD7DB5FF0F3AE7B1D10DC320AFFFF1E69BD3650207D1C847291D4C3734A0A757B2BE3AB142E68
Malicious: false
Reputation: low
    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.9.9.3.4.2.0.1.8.7.6.6.1.4.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.9.9.3.4.2.0.2.5.6.4.1.1.5.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.a.b.b.d.4.5.8.-.a.5.8.0.-.4.a.b.6.-.a.0.b.d.-.2.a.0.3.0.c.d.c.2.6.9.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.b.3.1.e.c.7.1.-.0.6.e.2.-.4.2.5.c.-.b.f.a.2.-.3.b.1.f.c.d.f.c.b.a.f.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.m.s.i.e.x.e.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.m.s.i.e.x.e.c...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.1.0.-.0.0.0.1.-.0.0.1.4.-.a.5.e.7.-.3.5.9.4.f.1.4.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.1.1.b.d.3.6.4.7.d.1.0.5.4.b.8.9.8.2.0.d.6.c.3.4.c.2.8.c.4.8.e.6.0.0.0.0.0.9.0.4.!.0.0.0.0.1.d.0.c.7.c.f.c.a.8.1.0.4.d.0.6.d.e.1.f.0.8.b.9.7.f.2.8.b.3.5.2.0.c.2.4.6.c.d.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 14 streams, Wed Jan 17 03:03:22 2024, 0x1205a4 type
Category: dropped
Size (bytes): 123486
Entropy (8bit): 1.8864609190718404
Encrypted: false
SSDEEP: 384:Kyiah8/kQY5Ho1wgLBRIPfRuk2Gy4g/r1Eh66pY4ONhRxqDjXX1dEkvdw:Fh8/C5o1waI2GyR/xEh66pY4OZxudn
MD5: 7E8708989C95D35217D89D5F9174FF59
SHA1: E04D3174E6D16D068971F91D39AE1890619FC23B
SHA-256: 0BB44B0390819002E5FFAE67C7D5D4AE62B366A98C7A1C10278CAE26D5307EAC
SHA-512: 64D423980161FE778AA0CAA191FCCD580B5B1064AE7184075E33AEF926015D7E81E511CB62B98E54F35B99051D793A156D661B05EDE5537F5E05FB615C97C4FC
Malicious: false
Reputation: low
    Preview:MDMP..a..... .......zC.e........................p................L..........T.......8...........T............=..n...........\$..........H&..............................................................................eJ.......&......GenuineIntel............T...........9C.e.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 6350
Entropy (8bit): 3.724172440078415
Encrypted: false
SSDEEP: 96:RSIU6o7wVetbQnb63RYb1QE/zD3gaM4Ucf89b55sfAzm:R6l7wVeJQb63RYp8prk89b55sfAzm
MD5: 52961B7C4A9AB393E7A25844FF7579B2
SHA1: DA096B8A3FFD7A12E6F9B65C1AB68B8843C9B629
SHA-256: 03BC75C3AAC3C37F1A4529C157A5814342D2A54C7EEB967634C67CAB2083BD15
SHA-512: 3C9E04E4F4A12B2C23F489173F1F6C9C69A7AFC8C752FCCEF0034EA4058B942C8B94E01081EECE6878DF3CB8EF5CE3D3E9A4BB2C082C30E8F28D465128E31601
Malicious: false
    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.7.2.<./.P.i.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4678
Entropy (8bit): 4.482951903187678
Encrypted: false
SSDEEP: 48:cvIwWl8zsStJg77aI9t6rWpW8VYgYm8M4J2qF60x+q8hyt2KKGFdd:uIjfSHI7D6a7VgJLxFt2KKGFdd
MD5: 5C762E114D7660C4B3E410B0FBA40761
SHA1: B7A56AEFFCD16D779E744E53E8ABB1A1EE3E69F4
SHA-256: 2438ABF5E52607081FDFECC87CDBB9F0A72FF970A5722FA43DCD7A33933AD633
SHA-512: F079A7B6826A954F8BFF7283533D22FF6EAE649B903D6A176FEF3A367E985EEC174B2F12902EE2F9E67EEA308CB74E69E90747A20AD2920D9BA5E04E1830C816
Malicious: false
    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="152286" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process: C:\Users\user\Desktop\sample.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 102400
Entropy (8bit): 4.877017203647963
Encrypted: false
SSDEEP: 768:/fQgxkwhxeY0M0NY+ZXCR60YZZWjti4Pz7JSZP7KL6yoVkzQol0AYzzaXs+pl:/fy7Y0M776JD6jhyOLnoVkztFYac+
MD5: A3FD043C364D24FCE08095727AE115D0
SHA1: 3EBE5124D8ECE2611428289C86545D33A4D72179
SHA-256: 72EC81E0BB6F6800FCD48AFFCEDD6B377B1E1AC4E78F06B0B35A494EC43529E7
SHA-512: 02A3DAC3457BFCBAF27F5F01EE66FED576D4B922DB050F6EF28C1F5D4321C1468BBD28A1BA63F3706D2FD863BFBAE7D6847B68F012C89777A44C3DDD1A754A7C
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R...<_..<_..<_O.a_..<_..2_..<_.6_..<_.8_..<_..7_..<_..8_..<_..=_ .<_d.7_..<_K.:_..<_Rich..<_........................PE..L...Sb.e................. ...`.......$.......0....@..........................................................................7.......`..H............................................................................0...............................text............ .................. ..`.rdata..t....0... ...0..............@..@.data........P.......P..............@....rsrc...H....`...0...`..............@..@........................................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\sample.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:ggPYV:rPYV
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious: false
    Preview:[ZoneTransfer]....ZoneId=0
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1835008
Entropy (8bit): 4.465999369258548
Encrypted: false
SSDEEP: 6144:xIXfpi67eLPU9skLmb0b4UWSPKaJG8nAgejZMMhA2gX4WABl0uNndwBCswSbHE:SXD94UWlLZMM6YFH5+H
MD5: 274461F9E11DEB4E6F53650FB40BCB63
SHA1: 773959B85549B102726047D24FA508BCDA1F8B18
SHA-256: F1B55D6608F60609C630560A3154509D5C03D7F8E75BB939A3CD393B2EDA8CE4
SHA-512: 1FF51DB7EF4471A3CAD3C5A54D43F8F8EB5B87A985E5962755C8478A18F8891F59481C1C5C79A4C17039492F22212400529E6EBB5BFEE53FD8A485086DA71117
Malicious: false
    Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....H..............................................................................................................................................................................................................................................................................................................................................E)..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 4.877017203647963
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: sample.exe
File size: 102'400 bytes
MD5: a3fd043c364d24fce08095727ae115d0
SHA1: 3ebe5124d8ece2611428289c86545d33a4d72179
SHA256: 72ec81e0bb6f6800fcd48affcedd6b377b1e1ac4e78f06b0b35a494ec43529e7
SHA512: 02a3dac3457bfcbaf27f5f01ee66fed576d4b922db050f6ef28c1f5d4321c1468bbd28a1ba63f3706d2fd863bfbae7d6847b68f012c89777a44c3ddd1a754a7c
SSDEEP: 768:/fQgxkwhxeY0M0NY+ZXCR60YZZWjti4Pz7JSZP7KL6yoVkzQol0AYzzaXs+pl:/fy7Y0M776JD6jhyOLnoVkztFYac+
TLSH: 2DA3E623EB910675C067433335576BF0C79DE3960261229F425BEB887D222BB9F6E349
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R...<_..<_..<_O.a_..<_..2_..<_..6_..<_..8_..<_..7_..<_..8_..<_..=_ .<_d.7_..<_K.:_..<_Rich..<_........................PE..L..
Icon Hash: 35759e67af6f9f4b
Entrypoint: 0x4024a0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp: 0x65936253 [Tue Jan 2 01:09:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 54d37aa6b27d39c04d9febe664e3ca52
    Instruction
    push ebp
    mov ebp, esp
    push FFFFFFFFh
    push 00403688h
    push 00402626h
    mov eax, dword ptr fs:[00000000h]
    push eax
    mov dword ptr fs:[00000000h], esp
    sub esp, 68h
    push ebx
    push esi
    push edi
    mov dword ptr [ebp-18h], esp
    xor ebx, ebx
    mov dword ptr [ebp-04h], ebx
    push 00000002h
    call dword ptr [00403238h]
    pop ecx
    or dword ptr [00405508h], FFFFFFFFh
    or dword ptr [0040550Ch], FFFFFFFFh
    call dword ptr [00403234h]
    mov ecx, dword ptr [004054FCh]
    mov dword ptr [eax], ecx
    call dword ptr [00403230h]
    mov ecx, dword ptr [004054F8h]
    mov dword ptr [eax], ecx
    mov eax, dword ptr [0040322Ch]
    mov eax, dword ptr [eax]
    mov dword ptr [00405504h], eax
    call 00007F1D8CBA82BBh
    cmp dword ptr [004053F0h], ebx
    jne 00007F1D8CBA81AEh
    push 00402622h
    call dword ptr [00403228h]
    pop ecx
    call 00007F1D8CBA828Dh
    push 00405038h
    push 00405034h
    call 00007F1D8CBA8278h
    mov eax, dword ptr [004054F4h]
    mov dword ptr [ebp-6Ch], eax
    lea eax, dword ptr [ebp-6Ch]
    push eax
    push dword ptr [004054F0h]
    lea eax, dword ptr [ebp-64h]
    push eax
    lea eax, dword ptr [ebp-70h]
    push eax
    lea eax, dword ptr [ebp-60h]
    push eax
    call dword ptr [0040325Ch]
    push 00405030h
    push 00405000h
    call 00007F1D8CBA8245h
    Programming Language:
    • [C++] VS98 (6.0) SP6 build 8804
    • [C++] VS98 (6.0) build 8168
    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37d8 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x12e48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1782 | 0x2000 | False | 0.3843994140625 | data | 4.712059039744991 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3000 | 0x1074 | 0x2000 | False | 0.214599609375 | data | 3.1402339478066277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5000 | 0x510 | 0x1000 | False | 0.096923828125 | data | 0.9047321894272715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6000 | 0x12e48 | 0x13000 | False | 0.47773180509868424 | data | 5.192773923057832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
ASDFE | 0x6ab0 | 0x212 | data | Chinese | China | 0.5792452830188679
RT_BITMAP | 0x6cc8 | 0x10c20 | Device independent bitmap graphic, 196 x 175 x 16, image size 0 | English | Great Britain | 0.48787878787878786
RT_BITMAP | 0x189e0 | 0x428 | Device independent bitmap graphic, 128 x 15 x 4, image size 960 | French | Switzerland | 0.3618421052631579
RT_ICON | 0x178e8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Italian | Switzerland | 0.33198924731182794
RT_ICON | 0x17bd0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Italian | Switzerland | 0.4391891891891892
RT_ICON | 0x17d20 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | English | Australia | 0.3135802469135803
RT_DIALOG | 0x64d8 | 0xd0 | data | Chinese | China | 0.7259615384615384
RT_DIALOG | 0x65a8 | 0x1da | data | Chinese | China | 0.5084388185654009
RT_STRING | 0x18e08 | 0x3c | data | Chinese | China | 0.65
RT_GROUP_ICON | 0x189c8 | 0x14 | data | English | Australia | 1.25
RT_GROUP_ICON | 0x17cf8 | 0x22 | data | Italian | Switzerland | 1.0
RT_VERSION | 0x6788 | 0x324 | data | Chinese | China | 0.5087064676616916
RT_MANIFEST | 0x6350 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | Japanese | Japan | 0.5892857142857143
DLL | Import
MFC42.DLL |
MSVCRT.dll | _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _setmbcp, malloc, __CxxFrameHandler, _mbscmp, __dllonexit, _onexit, _exit, __getmainargs, _acmdln, exit, _XcptFilter, _controlfp
KERNEL32.dll | GetModuleFileNameA, FreeLibrary, GetStartupInfoA, LocalFree, OutputDebugStringA, Sleep, GetProcAddress, CreateEventA, CloseHandle, LoadLibraryA, CreateThread, VirtualProtect, GetModuleHandleA, ResetEvent, WaitForSingleObject
USER32.dll | EnableWindow, GetWindowRect, ClipCursor, SystemParametersInfoA, FindWindowA, LoadIconA, SendMessageA, AppendMenuA, GetSystemMenu, DrawIcon, GetClientRect, GetSystemMetrics, ShowWindow, IsIconic
GDI32.dll | CreateSolidBrush
ADVAPI32.dll | RegSetValueExA, RegCloseKey, GetNamedSecurityInfoA, BuildExplicitAccessWithNameA, SetEntriesInAclA, SetNamedSecurityInfoA, RegOpenKeyExA
WS2_32.dll | gethostbyname, htons, send, closesocket, WSACleanup, WSAStartup, socket
MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z, ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ??0Init@ios_base@std@@QAE@XZ
Language of compilation system | Country where language is spoken
Chinese | China
English | Great Britain
French | Switzerland
English | Australia
Japanese | Japan
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 17, 2024 04:02:14.438278913 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:14.756162882 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:14.756232977 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:14.757076025 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.074877977 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.074901104 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.074955940 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.074970007 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.075018883 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.075067997 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.392576933 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392628908 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392729044 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392740965 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.392771006 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392817020 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.392841101 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392882109 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.392923117 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.392939091 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.441612959 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710436106 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710500002 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710537910 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710556984 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710577965 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710617065 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710642099 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710659027 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710695982 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710711956 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710731983 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710768938 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710786104 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710804939 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710841894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710858107 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.710880041 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.710927010 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:15.759076118 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.759118080 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:15.759218931 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.028702021 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028734922 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028753042 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028770924 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028865099 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028920889 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.028954983 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.028954983 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.028990030 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029021025 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029093981 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029153109 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029186964 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029241085 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029292107 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029314041 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029423952 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029472113 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029525042 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029591084 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029639959 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029656887 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029738903 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029787064 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029803991 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029817104 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029870033 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029872894 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029894114 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029908895 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.029957056 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.029968977 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.030019045 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.030179024 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.030356884 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.030407906 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.076575994 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.076615095 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.076653957 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.076695919 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.076733112 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.076752901 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
Jan 17, 2024 04:02:16.346368074 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346383095 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346398115 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346412897 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346424103 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346445084 CET | 16037 | 49729 | 206.238.220.90 | 192.168.2.4
Jan 17, 2024 04:02:16.346457958 CET | 49729 | 16037 | 192.168.2.4 | 206.238.220.90
    Jan 17, 2024 04:02:16.346473932 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346515894 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346518993 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346532106 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346544981 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346576929 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346587896 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346599102 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346606016 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346641064 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346676111 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346713066 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346749067 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346771002 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346817970 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346888065 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346919060 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346925974 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346961975 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.346973896 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.346998930 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347034931 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347063065 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347070932 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347106934 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347124100 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347145081 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347182989 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347209930 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347250938 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347285986 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347302914 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347321987 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347358942 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347373962 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347394943 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347430944 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347446918 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347465992 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347518921 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347520113 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347563028 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347599983 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347615957 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347635031 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347671032 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347691059 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347706079 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347742081 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347759962 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347778082 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347812891 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347840071 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347848892 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347884893 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347909927 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347919941 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347954988 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.347970009 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.347990990 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.348026991 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.348037004 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.348064899 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.348117113 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.394728899 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394773006 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394809961 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394834995 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.394845963 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394881964 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394893885 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.394917965 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394953012 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.394975901 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.394989967 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.395036936 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.665683985 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665744066 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665782928 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665812969 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.665819883 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665857077 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665894985 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.665921926 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665957928 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.665982008 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.665997028 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666034937 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666055918 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666070938 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666110039 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666130066 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666146994 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666186094 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666201115 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666224957 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666263103 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666280985 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666301012 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666338921 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666356087 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666373968 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666412115 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666429043 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666446924 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666482925 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666501045 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666517973 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666558027 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666574955 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666594028 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666630030 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666649103 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666667938 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666707039 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666723967 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666742086 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666779995 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666798115 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666815996 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666851044 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666872978 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666887045 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666922092 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666939974 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.666959047 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.666995049 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667016983 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667031050 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667067051 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667087078 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667093039 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667109013 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667124987 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667140007 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667148113 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667156935 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667171955 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667172909 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667186975 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667201996 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667211056 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667216063 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667232990 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667249918 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667253971 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667265892 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667269945 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667284966 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667301893 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667303085 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667315960 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667327881 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667337894 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667340994 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667350054 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667361975 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667370081 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667372942 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667383909 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667395115 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667395115 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667407036 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667418003 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667428017 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667449951 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667453051 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667486906 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667503119 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667531013 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667583942 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667601109 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667651892 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667701960 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667723894 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667792082 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667835951 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667839050 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667870998 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667921066 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.667948961 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.667974949 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668021917 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668041945 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668097019 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668132067 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668143988 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668204069 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668226004 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668268919 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668306112 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668355942 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668421030 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668466091 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668525934 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668617964 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668735981 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668786049 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668808937 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668886900 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.668935061 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.668993950 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669065952 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669115067 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.669147015 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669229031 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669275045 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.669297934 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669343948 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669404030 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.669404984 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669459105 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669506073 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.669539928 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669626951 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669682980 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.669717073 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669820070 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.669868946 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.676023960 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.712496996 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712548971 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712608099 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.712618113 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712690115 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712745905 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.712757111 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712826014 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712883949 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.712912083 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.712984085 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713021040 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713032961 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.713089943 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713125944 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713143110 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.713212967 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713265896 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.713339090 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713377953 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713427067 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713438034 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.713464975 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.713515043 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.910543919 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.957385063 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.984837055 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.984854937 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.984930992 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.984946966 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.984952927 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.984999895 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985021114 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985081911 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985138893 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985140085 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985305071 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985356092 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985425949 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985498905 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985549927 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985579967 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985677958 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985724926 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985743999 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985816002 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985860109 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.985896111 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.985997915 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986048937 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986110926 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986166954 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986213923 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986243010 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986339092 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986385107 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986438990 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986449957 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986490011 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986509085 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986594915 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986635923 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986644030 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986716986 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986766100 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:16.986767054 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986778021 CET1603749729206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:16.986818075 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:17.004148960 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:17.051057100 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:17.938982010 CET4972916037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:18.041709900 CET4973016037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:18.348474026 CET1603749730206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:18.348771095 CET4973016037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:18.980796099 CET4973180192.168.2.414.29.101.169
    Jan 17, 2024 04:02:19.988559008 CET4973180192.168.2.414.29.101.169
    Jan 17, 2024 04:02:21.988492012 CET4973180192.168.2.414.29.101.169
    Jan 17, 2024 04:02:25.988464117 CET4973180192.168.2.414.29.101.169
    Jan 17, 2024 04:02:31.071890116 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.379111052 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.379195929 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.379883051 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.687814951 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.687911034 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.688019991 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.688040018 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.688080072 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.688132048 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.994975090 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995017052 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995070934 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.995091915 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995167017 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995219946 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.995270014 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995383024 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:31.995431900 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:31.995471001 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.035356045 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.302033901 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302268028 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302330017 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.302395105 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302536011 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302576065 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302587032 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.302645922 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302683115 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302736044 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.302753925 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302791119 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302818060 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.302828074 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302881956 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302917957 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.302925110 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.303005934 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.342243910 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.342338085 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.342384100 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.609514952 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609580994 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609622955 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609637976 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.609661102 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609699965 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609714985 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.609738111 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609775066 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609786034 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.609813929 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609859943 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.609954119 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.609993935 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610042095 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610084057 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610122919 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610250950 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610302925 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610321999 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610359907 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610368013 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610435009 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610522032 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610574961 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610594034 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610666990 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610702991 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610754967 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610804081 CET4973216037192.168.2.4206.238.220.90
    Jan 17, 2024 04:02:32.610827923 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610898018 CET1603749732206.238.220.90192.168.2.4
    Jan 17, 2024 04:02:32.610934019 CET1603749732206.238.220.90192.168.2.4
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Jan 17, 2024 04:02:18.438715935 CET | 56592 | 53 | 192.168.2.4 | 1.1.1.1
    Jan 17, 2024 04:02:18.971795082 CET | 53 | 56592 | 1.1.1.1 | 192.168.2.4

    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Jan 17, 2024 04:02:18.438715935 CET | 192.168.2.4 | 1.1.1.1 | 0xe987 | Standard query (0) | whois.pconline.com.cn | A (IP address) | IN (0x0001) | false

    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | whois.pconline.com.cn | whois.pconline.com.cn.ctadns.cn | - | CNAME (Canonical name) | IN (0x0001) | false
    Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | whois.pconline.com.cn.ctadns.cn | - | 14.29.101.169 | A (IP address) | IN (0x0001) | false
    Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | whois.pconline.com.cn.ctadns.cn | - | 14.29.101.160 | A (IP address) | IN (0x0001) | false
    Jan 17, 2024 04:02:18.971795082 CET | 1.1.1.1 | 192.168.2.4 | 0xe987 | No error (0) | whois.pconline.com.cn.ctadns.cn | - | 14.29.101.168 | A (IP address) | IN (0x0001) | false

    Target ID: 0
    Start time: 04:02:13
    Start date: 17/01/2024
    Path: C:\Users\user\Desktop\sample.exe
    Wow64 process (32bit): true
    Commandline: C:\Users\user\Desktop\sample.exe
    Imagebase: 0x400000
    File size: 102'400 bytes
    MD5 hash: A3FD043C364D24FCE08095727AE115D0
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low
    Has exited: true

    Target ID: 1
    Start time: 04:02:17
    Start date: 17/01/2024
    Path: C:\Program Files (x86)\msiexec.exe
    Wow64 process (32bit): true
    Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
    Imagebase: 0x6c0000
    File size: 59'904 bytes
    MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Antivirus matches:
    • Detection: 0%, ReversingLabs
    • Detection: 0%, Virustotal, Browse
    Reputation: moderate
    Has exited: true

    Target ID: 2
    Start time: 04:02:28
    Start date: 17/01/2024
    Path: C:\Windows\explorer.exe
    Wow64 process (32bit): false
    Commandline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
    Imagebase: 0x7ff72b770000
    File size: 5'141'208 bytes
    MD5 hash: 662F4F92FDE3557E86D110526BB578D5
    Has elevated privileges: false
    Has administrator privileges: false
    Programmed in: C, C++ or other language
    Reputation: high
    Has exited: true

    Target ID: 3
    Start time: 04:02:29
    Start date: 17/01/2024
    Path: C:\Windows\explorer.exe
    Wow64 process (32bit): false
    Commandline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    Imagebase: 0x7ff72b770000
    File size: 5'141'208 bytes
    MD5 hash: 662F4F92FDE3557E86D110526BB578D5
    Has elevated privileges: false
    Has administrator privileges: false
    Programmed in: C, C++ or other language
    Reputation: high
    Has exited: true

    Target ID: 4
    Start time: 04:02:30
    Start date: 17/01/2024
    Path: C:\Users\user\Documents\msedge.exe
    Wow64 process (32bit): false
    Commandline: "C:\Users\user\Documents\msedge.exe"
    Imagebase: 0x400000
    File size: 102'400 bytes
    MD5 hash: A3FD043C364D24FCE08095727AE115D0
    Has elevated privileges: false
    Has administrator privileges: false
    Programmed in: C, C++ or other language
    Antivirus matches:
    • Detection: 100%, Joe Sandbox ML
    Reputation: low
    Has exited: true

    Target ID: 7
    Start time: 04:02:30
    Start date: 17/01/2024
    Path: C:\Users\user\Documents\msedge.exe
    Wow64 process (32bit): true
    Commandline: "C:\Users\user\Documents\msedge.exe"
    Imagebase: 0x400000
    File size: 102'400 bytes
    MD5 hash: A3FD043C364D24FCE08095727AE115D0
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low
    Has exited: true

    Target ID: 9
    Start time: 04:02:33
    Start date: 17/01/2024
    Path: C:\Program Files (x86)\msiexec.exe
    Wow64 process (32bit): true
    Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
    Imagebase: 0x6c0000
    File size: 59'904 bytes
    MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: moderate
    Has exited: true

    Target ID: 14
    Start time: 04:03:21
    Start date: 17/01/2024
    Path: C:\Windows\SysWOW64\WerFault.exe
    Wow64 process (32bit): true
    Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 1592
    Imagebase: 0x600000
    File size: 483'680 bytes
    MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: high
    Has exited: true

      Execution Graph

      Execution Coverage: 4.4%
      Dynamic/Decrypted Code Coverage: 83.6%
      Signature Coverage: 27.6%
      Total number of Nodes: 275
      Total number of Limit Nodes: 5
12140 10005500 OutputDebugStringA WriteProcessMemory 12138->12140 12141 100054b2 12138->12141 12142 100053ad GetNativeSystemInfo 12139->12142 12143 1000538f ??2@YAPAXI 12139->12143 12140->12141 12147 10005526 OutputDebugStringA QueueUserAPC ResumeThread 12140->12147 12146 1000fb3c __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 7 API calls 12141->12146 12144 100053c7 12142->12144 12145 100053cd GetSystemWow64DirectoryA 12142->12145 12148 1000539e 12143->12148 12144->12145 12149 100053e1 GetSystemDirectoryA 12144->12149 12150 100053f3 OutputDebugStringA 12145->12150 12151 100054c1 12146->12151 12152 1000fb3c __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 7 API calls 12147->12152 12148->12142 12149->12150 12153 10005401 12150->12153 12151->12054 12154 1000555b 12152->12154 12153->12153 12155 10005409 SHGetFolderPathA sprintf_s CopyFileA CreateProcessA 12153->12155 12154->12054 12155->12138 12156 1000549a CloseHandle CloseHandle 12155->12156 12156->12141 12158 1000dc6d 6 API calls 12157->12158 12159 1000dc4f ??2@YAPAXI 12157->12159 12161 1000fb3c __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 7 API calls 12158->12161 12160 1000dc5e 12159->12160 12160->12158 12162 1000dcf0 12161->12162 12164 1000fb44 12163->12164 12165 1000fb46 IsDebuggerPresent _crt_debugger_hook SetUnhandledExceptionFilter UnhandledExceptionFilter 12163->12165 12164->12027 12167 10010137 _crt_debugger_hook 12165->12167 12168 1001013f GetCurrentProcess TerminateProcess 12165->12168 12167->12168 12168->12027 12170 1000e550 RegOpenKeyExA 12169->12170 12171 1000e5ab 12170->12171 12172 1000e56c RegQueryValueExA 12170->12172 12173 1000e390 117 API calls 12171->12173 12174 1000e5a0 RegCloseKey 12172->12174 12175 1000e588 RegCloseKey Sleep 12172->12175 12176 1000e5b0 Sleep 12173->12176 12174->12171 12175->12170 12176->12170 12177 4014a0 #1134 #2621 12180 401830 #324 #1168 #1146 LoadIconA 12177->12180 12179 4014d7 #2514 #641 12180->12179 12181 4024a0 __set_app_type __p__fmode __p__commode 12182 40250f 12181->12182 12183 
402523 12182->12183 12184 402517 __setusermatherr 12182->12184 12193 402610 _controlfp 12183->12193 12184->12183 12186 402528 _initterm __getmainargs _initterm 12187 40257c GetStartupInfoA 12186->12187 12189 4025b0 GetModuleHandleA 12187->12189 12194 402632 #1576 12189->12194 12192 4025d4 exit _XcptFilter 12193->12186 12194->12192

      Control-flow Graph

      [Basic-block list omitted.] Function 1000dd00-1000de74: CreateToolhelp32Snapshot, Thread32First, then a Thread32Next loop that filters the thread entries and appears to collect matches into a std::vector (the ?_Xlength_error path is the vector's length guard), and CloseHandle. The disassembly listing runs on into the adjacent routine 1000de90 (OpenProcess, OpenProcessToken, the LookupPrivilegeValueA / AdjustTokenPrivileges pairs, GetLengthSid, SetTokenInformation, PostThreadMessageA, TerminateProcess), which is why its APIs appear in the list below; that routine also has its own entry further down.
      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
      • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
      • CloseHandle.KERNEL32(00000000), ref: 1000DE51
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
      • API String ID: 1580616088-3994885262
      • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
      • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      [Basic-block list omitted.] Function 1000de90-1000e38b: call 10005720 (finds a process by name), OpenProcess, OpenProcessToken, then a LookupPrivilegeValueA / AdjustTokenPrivileges pair for every privilege in the String ID list below (the first AdjustTokenPrivileges call saves the previous state, the second passes DisableAllPrivileges=TRUE), GetLengthSid and SetTokenInformation, call 1000dd00 (thread enumeration), a PostThreadMessageA loop, TerminateProcess, a final AdjustTokenPrivileges and CloseHandle, operator delete, CloseHandle.
      APIs
        • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
        • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • Part of subcall function 10005720: FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
      • API String ID: 2285828341-3151685581
      • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
      • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,74DE9350), ref: 100052DC
      • memset.MSVCR100 ref: 100052EA
      • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,74DE9350), ref: 10005340
      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
      • memset.MSVCR100 ref: 1000537F
      • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
      • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,74DE9350), ref: 100053B4
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,74DE9350), ref: 100053D9
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
      • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,74DE9350), ref: 100053F8
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,74DE9350), ref: 10005438
      • sprintf_s.MSVCR100 ref: 10005456
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054A7
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054B0
      • OutputDebugStringA.KERNELBASE(PuppetProcess3,?,?,74DE9350), ref: 100054CA
      • Wow64SuspendThread.KERNEL32(?,?,?,74DE9350), ref: 100054D3
      • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,74DE9350), ref: 100054DE
      • VirtualAllocEx.KERNELBASE(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
      • OutputDebugStringA.KERNELBASE(PuppetProcess5,?,?,74DE9350), ref: 10005505
      • WriteProcessMemory.KERNELBASE(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
      • OutputDebugStringA.KERNELBASE(PuppetProcess6,?,?,74DE9350), ref: 1000552B
      • QueueUserAPC.KERNELBASE(00000000,?,00000000,?,?,74DE9350), ref: 10005536
      • ResumeThread.KERNELBASE(?,?,?,74DE9350), ref: 10005543
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadWow64memset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWritesprintf_s
      • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
      • API String ID: 1861898608-3220118345
      • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
      • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
      Uniqueness

      Uniqueness Score: -1.00%
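
      Worked detection example, added here and not code from the sample or from the Joe Sandbox report: a Python matcher for the two API chains the listings above document, the foreign-process token tampering and kill in routine 1000de90 (OpenProcess with PROCESS_TERMINATE, OpenProcessToken with TOKEN_ALL_ACCESS, a long run of LookupPrivilegeValueA / AdjustTokenPrivileges, SetTokenInformation with class 0x19 = TokenIntegrityLevel, PostThreadMessageA with WM_QUIT = 0x12, TerminateProcess) and the suspended-process APC injection in routine 100052b0 (CreateProcessA with dwCreationFlags 0x214 which includes CREATE_SUSPENDED, VirtualAllocEx with PAGE_EXECUTE_READWRITE, WriteProcessMemory, QueueUserAPC, ResumeThread). The trace it parses is constructed in the report's own "API.Module(args), ref: addr" form; the flags, sizes, privilege names and ref addresses are taken from the listings, while the handle values, the PID and the TID are made up because the report logs them as "?".

```python
"""Match two API chains from the listings above (added example; not code from the sample or the report).
Chain 1 (routine 1000de90): OpenProcess -> OpenProcessToken -> AdjustTokenPrivileges x N ->
  SetTokenInformation(TokenIntegrityLevel) -> PostThreadMessage(WM_QUIT) / TerminateProcess.
Chain 2 (routine 100052b0): CreateProcess*(CREATE_SUSPENDED) -> VirtualAllocEx(RWX) ->
  WriteProcessMemory -> QueueUserAPC -> ResumeThread ("Early Bird" APC injection).
"""
import re
from typing import List, Optional

# Standard Win32 constants (winnt.h / winbase.h / winuser.h); 0x19 is TokenIntegrityLevel (25).
PROCESS_TERMINATE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_DEFAULT, TOKEN_INTEGRITY_LEVEL = 0x1, 0x20, 0x80, 0x19
CREATE_SUSPENDED, PAGE_EXECUTE_READWRITE, WM_QUIT = 0x4, 0x40, 0x12

# Constructed trace in the report's "API.Module(args), ref: addr" form. Flags, sizes, privilege names
# and ref addresses are the report's; handles 0xB4/0xB8/0xBC/0xC0, PID 0xA3C and TID 0xA40 are made up.
TRACE = """
OpenProcess.KERNEL32(00000401,00000000,00000A3C), ref: 1000DEBD
OpenProcessToken.ADVAPI32(000000B4,000F01FF,?), ref: 1000DEDA
LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
AdjustTokenPrivileges.ADVAPI32(000000B8,00000000,?,00000010,?,00000010), ref: 1000DF37
AdjustTokenPrivileges.ADVAPI32(000000B8,00000001,?,00000010,00000000,00000000), ref: 1000DF48
LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
AdjustTokenPrivileges.ADVAPI32(000000B8,00000000,?,00000010,00000000,00000000), ref: 1000E004
LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
AdjustTokenPrivileges.ADVAPI32(000000B8,00000000,?,00000010,00000000,00000000), ref: 1000E082
SetTokenInformation.ADVAPI32(000000B8,00000019,?,0000000C), ref: 1000E2F1
PostThreadMessageA.USER32(00000A40,00000012,00000000,00000000), ref: 1000E31F
TerminateProcess.KERNEL32(000000B4,00000000), ref: 1000E33C
CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005362
VirtualAllocEx.KERNELBASE(000000BC,00000000,0004DA78,00003000,00000040), ref: 100054F4
WriteProcessMemory.KERNELBASE(000000BC,00000000,?,0004DA78,00000000), ref: 1000551C
QueueUserAPC.KERNELBASE(00000000,000000C0,00000000), ref: 10005536
ResumeThread.KERNELBASE(000000C0), ref: 10005543
"""
# Constructed benign trace: a debugger-style suspended create that is simply resumed (no foreign write).
BENIGN_TRACE = """
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00401000
ResumeThread.KERNEL32(000000C0), ref: 00401010
"""

LINE_RE = re.compile(r"^(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-Fa-f]+)$")
HEX_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")


def parse_trace(text: str) -> List[dict]:
    """One dict per API line; 8-digit hex arguments become ints, '?' and name strings stay as they are."""
    calls = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip().lstrip("•").strip())
        if not m:                                    # C++-mangled names and non-API lines are skipped
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append({"api": m["api"], "ref": m["ref"],
                      "args": [int(a, 16) if HEX_RE.match(a) else a for a in args]})
    return calls


def arg(call: dict, i: int) -> Optional[int]:
    """Argument i as an int, or None when it is absent or was logged as '?'."""
    v = call["args"][i] if i < len(call["args"]) else None
    return v if isinstance(v, int) else None


def detect_token_tamper(calls: List[dict]) -> Optional[dict]:
    """Chain 1: returns the privileges stripped and how the target was killed, or None."""
    found = {"stripped": [], "disable_all": False, "integrity_changed": False, "kill": None}
    opened = token = False; pending = None           # pending = name from the last LookupPrivilegeValueA
    for c in calls:
        api, a = c["api"], c["args"]
        if api == "OpenProcess" and (arg(c, 0) or 0) & PROCESS_TERMINATE:
            opened = True
        elif api == "OpenProcessToken" and opened and \
                (arg(c, 1) or 0) & (TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_DEFAULT):
            token = True
        elif api == "LookupPrivilegeValueA" and token and len(a) > 1 and isinstance(a[1], str):
            pending = a[1]
        elif api == "AdjustTokenPrivileges" and token:
            if arg(c, 1) == 1:                       # DisableAllPrivileges == TRUE
                found["disable_all"] = True
            elif pending:
                found["stripped"].append(pending)
            pending = None
        elif api == "SetTokenInformation" and token and arg(c, 1) == TOKEN_INTEGRITY_LEVEL:
            found["integrity_changed"] = True
        elif api == "PostThreadMessageA" and token and arg(c, 1) == WM_QUIT:
            found["kill"] = found["kill"] or "WM_QUIT"
        elif api == "TerminateProcess" and token and arg(c, 0) != 0xFFFFFFFF:   # not a self-kill
            found["kill"] = "TerminateProcess"
    # Privilege work on another process's token plus an integrity change or a kill: the AV-killer shape.
    if token and (found["disable_all"] or len(found["stripped"]) >= 3) and (found["integrity_changed"] or found["kill"]):
        return found
    return None


def detect_early_bird(calls: List[dict]) -> Optional[List[str]]:
    """Chain 2 with stages in order; a suspended create that is merely resumed does not match."""
    stage, chain = 0, []
    for c in calls:
        api = c["api"]
        if stage == 0 and api.startswith("CreateProcess") and (arg(c, 5) or 0) & CREATE_SUSPENDED:
            stage, chain = 1, [f"{api}(flags=0x{arg(c, 5):X})"]
        elif stage == 1 and api == "VirtualAllocEx" and arg(c, 4) == PAGE_EXECUTE_READWRITE:
            stage, chain = 2, chain + [f"VirtualAllocEx(size={hex(arg(c, 2) or 0)}, protect=RWX)"]
        elif stage == 2 and api == "WriteProcessMemory":
            stage, chain = 3, chain + ["WriteProcessMemory"]
        elif stage == 3 and api == "QueueUserAPC":
            stage, chain = 4, chain + ["QueueUserAPC"]
        elif stage == 4 and api == "ResumeThread":
            return chain + ["ResumeThread"]
    return None
```

      The matcher keys on argument values rather than on API names alone: CREATE_SUSPENDED in dwCreationFlags (argument index 5 of CreateProcessA), PAGE_EXECUTE_READWRITE as flProtect of VirtualAllocEx, TOKEN_ADJUST_PRIVILEGES / TOKEN_ADJUST_DEFAULT in the OpenProcessToken access mask (0xF01FF, TOKEN_ALL_ACCESS, includes both), and class 0x19 in SetTokenInformation. A suspended CreateProcess followed only by ResumeThread (debuggers, installers) or a plain OpenProcess / TerminateProcess (task managers) yields no finding; it is the combination of stripping another process's token and then killing it, and of writing RWX memory plus queuing an APC before the first resume, that distinguishes these chains.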

      Control-flow Graph

      APIs
      • GetProcAddress.KERNEL32(74D60000,recv), ref: 0040130F
      • recv.WS2_32(?,?,00002800,00000000), ref: 00401327
      • Sleep.KERNELBASE(0000000A), ref: 00401362
      • Sleep.KERNELBASE(0000000A), ref: 00401366
      • Sleep.KERNEL32(0000000A), ref: 0040136A
      • Sleep.KERNEL32(0000000A), ref: 004013BE
      • Sleep.KERNEL32(0000000A), ref: 004013C2
      • Sleep.KERNEL32(0000000A), ref: 004013C6
      • Sleep.KERNEL32(0000000A), ref: 004013CA
      • Sleep.KERNEL32(0000000A), ref: 004013CE
      • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(6D0CA484,Failed to get address of recv function), ref: 004013F1
      • ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z.MSVCP60(00000000), ref: 004013F8
      • FreeLibrary.KERNEL32(74D60000), ref: 00401408
      • WSACleanup.WS2_32 ref: 0040140E
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: Sleep$U?$char_traits@V?$basic_ostream@$??6std@@?endl@std@@AddressCleanupD@std@@@0@D@std@@@1@FreeLibraryProcV10@V21@@recv
      • String ID: 206.238.220.90$Failed to get address of recv function$recv
      • API String ID: 3081592892-4270088739
      • Opcode ID: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction ID: 9be3d8a21712bd1a561837db3ef8e6b01427c5c74414111fb4788be54016bcab
      • Opcode Fuzzy Hash: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction Fuzzy Hash: 9231E2327003049BD714DF64DD84B9B7B95EB84760F04457AEE05AF2D1CAB4AD09CBAA
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      [Basic-block list omitted.] Function 10005720-100057a7: CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS), Process32First, then a Process32Next loop comparing each entry's szExeFile with _mbsicmp (the only string in this function is 360Tray.exe), and FindCloseChangeNotification (which shares its implementation with CloseHandle, hence the name the sandbox resolved) before the CRT handler 1000fb3c.
      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
      • Process32First.KERNEL32(00000000,00000128), ref: 10005754
      • _mbsicmp.MSVCR100 ref: 10005768
      • Process32Next.KERNEL32(00000000,?), ref: 1000577D
      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
      • String ID: 360Tray.exe
      • API String ID: 169230292-3639442380
      • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
      • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      [Basic-block list omitted.] Function 1000e5c0-1000eb2b (the DLL's "dll run" entry): two OutputDebugStringA, GetCommandLineW, CommandLineToArgvW, memset; call 10005180 (registry key setup); five calls to 1000de90; SHGetFolderPathA(CSIDL 5, the user's Documents folder), GetModuleFileNameA, sprintf_s, CopyFileA, SetFileAttributesA(FILE_ATTRIBUTE_HIDDEN) and CreateThread(1000e530); GetNativeSystemInfo, then GetSystemWow64DirectoryA or GetSystemDirectoryA; SHGetFolderPathA(CSIDL 0x26, Program Files), sprintf_s, CopyFileA; call 100052b0 (process injection), then FindCloseChangeNotification and ExitProcess, or CloseHandle. A second branch compares an argument with _wcsicmp, calls 1000dc20 and repeats the directory lookup and copy, before the CRT handler 1000fb3c.
      APIs
      • OutputDebugStringA.KERNELBASE(dll run), ref: 1000E5EF
      • OutputDebugStringA.KERNELBASE(dll run2), ref: 1000E5F6
      • GetCommandLineW.KERNEL32 ref: 1000E616
      • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
      • memset.MSVCR100 ref: 1000E63E
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
      • sprintf_s.MSVCR100 ref: 1000E714
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
      • SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000E742
      • CreateThread.KERNELBASE(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
      • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
      • OutputDebugStringA.KERNELBASE(dll run3), ref: 1000E796
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
      • GetNativeSystemInfo.KERNELBASE(?), ref: 1000E7D1
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
      • OutputDebugStringA.KERNELBASE(dll run4), ref: 1000E815
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
      • sprintf_s.MSVCR100 ref: 1000E87B
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
      • OutputDebugStringA.KERNELBASE(?), ref: 1000E8CE
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 1000E915
      • ExitProcess.KERNEL32 ref: 1000E91D
      • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
      • _wcsicmp.MSVCR100 ref: 1000E943
      • _wcsicmp.MSVCR100 ref: 1000E974
      • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
      • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
      • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
      • sprintf_s.MSVCR100 ref: 1000EA63
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
      • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
      • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
        • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
        • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • Part of subcall function 1000DC20: CloseHandle.KERNEL32(?), ref: 1000DCD4
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
      • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
      • API String ID: 3194832325-3018988614
      • Opcode ID: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
      • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
      • Opcode Fuzzy Hash: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
      • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75A8EC10), ref: 1000E3B4
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75A8EC10), ref: 1000E3C8
      • sprintf_s.MSVCR100 ref: 1000E3EC
      • sprintf_s.MSVCR100 ref: 1000E406
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
      • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
      • RegCloseKey.ADVAPI32(?), ref: 1000E469
      • RegCloseKey.ADVAPI32(?), ref: 1000E482
      • OutputDebugStringA.KERNELBASE(meiyou), ref: 1000E489
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
      • RegSetValueExA.ADVAPI32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
      • RegCloseKey.ADVAPI32(?), ref: 1000E516
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
      • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
      • API String ID: 3385724880-3482547359
      • Opcode ID: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
      • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
      • Opcode Fuzzy Hash: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
      • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • #4710.MFC42(?,?,?,?,004026F8,000000FF), ref: 004018DA
      • GetSystemMenu.USER32(?,00000000,?,?,?,?,004026F8,000000FF), ref: 004018E5
      • #2863.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018EC
      • #540.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018FB
      • #4160.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 0040190E
      • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401932
      • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401941
      • #800.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 00401950
      • SendMessageA.USER32(?,00000080,00000001,?), ref: 0040196A
      • SendMessageA.USER32(?,00000080,00000000,?), ref: 0040197B
      • CreateSolidBrush.GDI32(00000000), ref: 00401984
      • #1641.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 00401990
      • #5802.MFC42(000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8,000000FF), ref: 004019A5
      • #6197.MFC42(6D1CA098,00000000,00000000,00000000,00000000,00000003,000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8), ref: 004019BC
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: Menu$AppendMessageSend$#1641#2863#4160#4710#540#5802#6197#800BrushCreateSolidSystem
      • String ID: `6@
      • API String ID: 299526166-1213645527
      • Opcode ID: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction ID: 64577c4a9b072b4d16e33900ab0bac8fea65f0c880726bb527a46fac44a935b1
      • Opcode Fuzzy Hash: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction Fuzzy Hash: 8B3153713407007BE220EB65CD86F6BB799BB88B10F104A2DF6557B2D1CBB8F9008B59
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 261 10005180-100051be RegCreateKeyA 262 10005291-100052a5 call 1000fb3c 261->262 263 100051c4-100051f6 RegQueryValueExA 261->263 265 10005201-1000520a 263->265 266 100051f8-100051ff 263->266 269 10005210-10005215 265->269 266->265 268 10005234-10005260 RegQueryValueExA 266->268 271 10005262-10005269 268->271 272 1000526b-10005282 RegSetValueExA 268->272 269->269 270 10005217-10005232 RegSetValueExA 269->270 270->268 271->272 273 10005284-1000528b RegCloseKey 271->273 272->273 273->262
      APIs
      • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
      • RegQueryValueExA.KERNELBASE(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
      • RegSetValueExA.KERNELBASE(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
      • RegQueryValueExA.KERNELBASE(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
      • RegSetValueExA.KERNELBASE(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
      • RegCloseKey.KERNELBASE(?,?,?), ref: 1000528B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Value$Query$CloseCreate
      • String ID: BITS$Host$SYSTEM\Setup
      • API String ID: 2357964129-2174744495
      • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
      • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • socket.WS2_32(00000002,00000001,00000006), ref: 0040121C
      • gethostbyname.WS2_32(?), ref: 0040123F
      • htons.WS2_32(?), ref: 0040124F
      • GetProcAddress.KERNEL32(74D60000,connect), ref: 00401270
      • connect.WS2_32(?,?,00000010), ref: 00401281
      • ResetEvent.KERNEL32(?), ref: 0040128C
      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 0040129B
      • CreateThread.KERNELBASE(00000000,00000000,Function_000012D0,?,00000000,00000000), ref: 004012B1
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: AddressCreateEventObjectProcResetSingleThreadWaitconnectgethostbynamehtonssocket
      • String ID: connect
      • API String ID: 3219754876-1959786783
      • Opcode ID: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction ID: a7ec17a1c9397f4a8347c85be3d4e262ab070995ff1524a48aaa81642f70005b
      • Opcode Fuzzy Hash: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction Fuzzy Hash: C2118135640701ABD310EF68DC49F1BB7A8FB88711F104A6DF265F62E0C774A5148B59
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 280 1000e530-1000e547 281 1000e550-1000e56a RegOpenKeyExA 280->281 282 1000e5ab call 1000e390 281->282 283 1000e56c-1000e586 RegQueryValueExA 281->283 287 1000e5b0-1000e5bb Sleep 282->287 285 1000e5a0-1000e5a5 RegCloseKey 283->285 286 1000e588-1000e59e RegCloseKey Sleep 283->286 285->282 286->281 287->281
      APIs
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.ADVAPI32(?), ref: 1000E58D
      • Sleep.KERNEL32(00000BB8), ref: 1000E598
      • RegCloseKey.KERNELBASE(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
      • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 288 26507e8-2650849 call 2650718 call 26507c8 LoadLibraryA
      APIs
      • LoadLibraryA.KERNELBASE(?,00000000,00000072), ref: 02650844
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: A$b$d$i$o$y
      • API String ID: 1029625771-4132616007
      • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction ID: d41a03d296b7fd2be5b9954882d295c4607ac3a14e133320eb16419f93f6d7d1
      • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction Fuzzy Hash: A0F0745400D3D1AAD342E668944569BBED62BA2644F48CC8CE4D81B242D2BA965C8777
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 302 1000e549 303 1000e550-1000e56a RegOpenKeyExA 302->303 304 1000e5ab-1000e5bb call 1000e390 Sleep 303->304 305 1000e56c-1000e586 RegQueryValueExA 303->305 304->303 307 1000e5a0-1000e5a5 RegCloseKey 305->307 308 1000e588-1000e59e RegCloseKey Sleep 305->308 307->304 308->303
      APIs
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.ADVAPI32(?), ref: 1000E58D
      • Sleep.KERNEL32(00000BB8), ref: 1000E598
      • RegCloseKey.KERNELBASE(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: 79d81ec7a7a5682851e7329382d69a247a2e8e04d85c073a27eac03db7012cba
      • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
      • Opcode Fuzzy Hash: 79d81ec7a7a5682851e7329382d69a247a2e8e04d85c073a27eac03db7012cba
      • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 310 401770-4017c5 OutputDebugStringA #823 311 4017d2 310->311 312 4017c7-4017c9 call 401080 310->312 314 4017d4-4017e5 call 4011f0 311->314 315 4017ce-4017d0 312->315 318 4017f5-401803 314->318 319 4017e7-4017f0 call 401130 314->319 315->314 321 401813-40182c Sleep 318->321 322 401805-401811 Sleep 318->322 319->318 322->321 322->322
      APIs
      • OutputDebugStringA.KERNELBASE(Mfc), ref: 0040178F
      • #823.MFC42(0009B508), ref: 004017AF
      • Sleep.KERNELBASE(00000064,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401807
      • Sleep.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401815
        • Part of subcall function 00401080: WSAStartup.WS2_32(00000202,?), ref: 004010A6
        • Part of subcall function 00401080: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010B3
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: Sleep$#823CreateDebugEventOutputStartupString
      • String ID: Mfc
      • API String ID: 3196058339-1612659522
      • Opcode ID: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction ID: 4e81b0ca89eaf2c811d033bf8b2def4f79f93be1ff23169893ae51c573424b6d
      • Opcode Fuzzy Hash: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction Fuzzy Hash: 8811E7712047419BC710EB299D01747B7E8AF84B60F10863EF865E77E0E778D5058B9A
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 323 26501a8-26501d2 call 2650858 326 26502b7-26502bb 323->326 327 26501d8-26501da 323->327 328 26501dd-26501f9 327->328 329 2650214-2650263 328->329 330 26501fb-265020f VirtualFree 328->330 332 2650265 329->332 333 2650268-265026d 329->333 331 2650295-26502af 330->331 331->328 336 26502b5-26502b6 331->336 332->333 334 2650281 333->334 335 265026f-2650271 333->335 334->331 339 2650283-2650292 VirtualProtect 334->339 337 2650273-2650276 335->337 338 2650278-265027a 335->338 336->326 340 265027f 337->340 338->331 341 265027c 338->341 339->331 340->334 341->340
      APIs
      • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 0265020C
      • VirtualProtect.KERNELBASE(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 02650292
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Virtual$FreeProtect
      • String ID: $@
      • API String ID: 2581862158-1077428164
      • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction ID: 00a617a4e15b31e035eed9944954df35f8fc2ae17f5612449c6be4d60dd36107
      • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction Fuzzy Hash: 71316BB06043159FD748CF14C594B6AB7E6FF88708F408A0CE98AAB380D775E945CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #1134.MFC42(00000000), ref: 004014BD
      • #2621.MFC42 ref: 004014C7
        • Part of subcall function 00401830: #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
        • Part of subcall function 00401830: #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
        • Part of subcall function 00401830: #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
        • Part of subcall function 00401830: LoadIconA.USER32(00000000,00000080), ref: 0040187E
      • #2514.MFC42 ref: 004014EA
      • #641.MFC42 ref: 004014FB
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: #1134#1146#1168#2514#2621#324#641IconLoad
      • String ID:
      • API String ID: 1043086884-0
      • Opcode ID: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction ID: 9ac1edc087fe73fa880d4135cd06f65b566d67c54fc8b22c3b4d24c0721ffe3b
      • Opcode Fuzzy Hash: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction Fuzzy Hash: F6F0F0715047809BD714EB24CE06B4AB7E4BB44B24F100B3EF1A5672D0EFBC9901CB82
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
      • #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
      • #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
      • LoadIconA.USER32(00000000,00000080), ref: 0040187E
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: #1146#1168#324IconLoad
      • String ID:
      • API String ID: 193567849-0
      • Opcode ID: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction ID: 82116a89cb9603d1ca7d6e139d9602a0a07866cbfa2ff2280934cd3600aa4aee
      • Opcode Fuzzy Hash: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction Fuzzy Hash: B0F05EB1644B50BFD3509F59CE06B1ABAA8FB04B20F008A2EF591A77C0D7FD44008B59
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • malloc.MSVCRT ref: 0040119A
      • VirtualProtect.KERNELBASE(00000000,0004DA78,00000040,?,?), ref: 004011CA
      • CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004011DA
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: CreateProtectThreadVirtualmalloc
      • String ID:
      • API String ID: 2647532177-0
      • Opcode ID: 58e15c8924ea8972c0800c7eea9696be7e5e5a9940ce2bf40b2c29b7faeb2bc2
      • Instruction ID: 8d9e41f2d670fbd8d0276bcc6d95a4163a15de53510f7612398299b8bb56db8a
      • Opcode Fuzzy Hash: 58e15c8924ea8972c0800c7eea9696be7e5e5a9940ce2bf40b2c29b7faeb2bc2
      • Instruction Fuzzy Hash: 7BF0E5F37852003FF2101A99AC8AFD7178CE384766F20003BF706AA2D0D9F99D40436A
      Uniqueness

      Uniqueness Score: -1.00%
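      The API listings above for the self-copy routine at 1000E5C0, the Run-key writer at 1000E390 (called on one branch of the 3-second loop at 1000E530, which 1000E5C0 starts with CreateThread), the SYSTEM\Setup writer at 10005180 and the malloc/VirtualProtect/CreateThread routine with refs 0040119A-004011DA print only raw 32-bit arguments. The script below is an added example written for this report; it is neither Joe Sandbox output nor code from the sample. It parses those bullet lines (copied from this page and embedded as constructed input) and decodes the immediates with Windows SDK constants: CSIDL 0x05 is CSIDL_PERSONAL (the user's Documents folder) and 0x26 is CSIDL_PROGRAM_FILES; 0x20019 is KEY_READ and 0x20006 is KEY_WRITE, which is why 1000E390 reopens the Run key with 00020006 before its RegSetValueExA (the debug string meiyou it prints after the failed query is pinyin for 没有, "not there"); SetFileAttributesA(?, 2) is FILE_ATTRIBUTE_HIDDEN; Sleep(0xBB8) is 3000 ms; VirtualProtect(..., 0x40) is PAGE_EXECUTE_READWRITE. The sequence rules (self-copy into a shell folder, hidden copy, Run-key persistence, registry polling, RWX buffer followed by CreateThread) are this example's own heuristics, not Joe Sandbox signatures. Two assumptions: the key "0040119A" stands in for a function whose start address the report does not print, and the pairing of the string "%s\msedge.exe" with the Documents copy and "%s\msiexec.exe" with the Program Files copy is inferred from the strings of 1000E390 and is not asserted by the code.

```python
"""Decode Joe Sandbox API-trace bullets into host-hunting findings. Added example for this
report (not Joe Sandbox output, not the sample's code): SDK constant tables plus this example's own rules."""
import re
from typing import Dict, List, Tuple, Union

# Constructed input: API bullets copied from this page, keyed by function start (0040119A is the first ref, not a start).
TRACES: Dict[str, List[str]] = {
    "1000E5C0": [
        r"SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF",
        r"GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4",
        r"CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F",
        r"SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000E742",
        r"SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B",
        r"CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896"],
    "1000E390": [
        r"RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7",
        r"RegSetValueExA.ADVAPI32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509"],
    "1000E530": [
        r"RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566",
        r"RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582",
        r"Sleep.KERNEL32(00000BB8), ref: 1000E598"],
    "10005180": [
        r"RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6",
        r"RegSetValueExA.KERNELBASE(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232",
        r"RegSetValueExA.KERNELBASE(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282"],
    "0040119A": [
        r"malloc.MSVCRT ref: 0040119A",
        r"VirtualProtect.KERNELBASE(00000000,0004DA78,00000040,?,?), ref: 004011CA",
        r"CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004011DA"],
}

Arg = Union[int, str, None]  # 32-bit immediate, string literal IDA resolved, or '?' (not recoverable)
_LINE = re.compile(r"^\s*•?\s*(?P<api>[^\s.(]+)\.\w+(?:\((?P<args>.*)\))?,?\s*ref:\s*[0-9A-Fa-f]{8}\s*$")

def _arg(tok: str) -> Arg:
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else tok

def parse_call(line: str) -> Tuple[str, List[Arg]]:
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"not an API trace line: {line!r}")
    return m.group("api"), [_arg(t) for t in (m.group("args") or "").split(",") if t]

CSIDL = {0x05: "CSIDL_PERSONAL (user Documents folder)", 0x1A: "CSIDL_APPDATA", 0x26: "CSIDL_PROGRAM_FILES"}
HIVES = {0x80000001: "HKCU", 0x80000002: "HKLM"}
KEY_ACCESS = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD"}
FILE_ATTR = {0x1: "READONLY", 0x2: "HIDDEN", 0x4: "SYSTEM"}
PAGE_PROT = {0x04: "PAGE_READWRITE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}

def _name(table: Dict[int, str], v: Arg) -> str:
    return "?" if v is None else (table.get(v, hex(v)) if isinstance(v, int) else v)

def analyse(lines: List[str]) -> Dict[str, List[str]]:
    """Per-call findings plus behaviours inferred from the order of calls within one function."""
    calls = [parse_call(line) for line in lines]
    own_path = any(api == "GetModuleFileNameA" for api, _ in calls)
    findings, behaviours = [], set()
    key, polled, writable, copied, rwx = "<key>", None, False, False, False
    for api, a in calls:
        if api == "SHGetFolderPathA":
            findings.append(f"resolves shell folder {_name(CSIDL, a[1])}")
        elif api in ("RegOpenKeyExA", "RegCreateKeyA"):
            key = f"{_name(HIVES, a[0])}\\{a[1]}"
            access = _name(KEY_ACCESS, a[3]) if api == "RegOpenKeyExA" else "create"
            writable = access != "KEY_READ"
            findings.append(f"opens {key} ({access})")
        elif api == "RegQueryValueExA":
            polled = f"{key}\\{a[1]}"
            findings.append(f"reads {polled}")
        elif api == "RegSetValueExA":
            empty = " (1-byte payload: empty string)" if len(a) > 5 and a[5] == 1 else ""
            findings.append(f"writes {key}\\{a[1]} as {_name(REG_TYPES, a[3])}{empty}")
            if writable:  # a handle opened with KEY_READ cannot back this write
                kind = "Run-key persistence" if key.endswith(r"CurrentVersion\Run") else "registry marker"
                behaviours.add(f"{kind}: {key}\\{a[1]}")
        elif api == "CopyFileA":
            copied = True
            findings.append("copies a file")
            if own_path and any(f.startswith("resolves shell folder") for f in findings):
                behaviours.add("copies its own image into a shell folder")
        elif api == "SetFileAttributesA":
            flags = [n for bit, n in FILE_ATTR.items() if isinstance(a[1], int) and a[1] & bit]
            findings.append("sets file attributes " + ("|".join(flags) or "?"))
            if copied and "HIDDEN" in flags:
                behaviours.add("hides the dropped copy")
        elif api == "Sleep":
            findings.append(f"sleeps {a[0]} ms")
            if polled:
                behaviours.add(f"polls {polled} every {a[0]} ms (watchdog loop)")
        elif api == "VirtualProtect":
            rwx = a[2] == 0x40  # PAGE_EXECUTE_READWRITE on memory the code itself allocated
            findings.append(f"sets {_name(PAGE_PROT, a[2])} on {hex(a[1]) if isinstance(a[1], int) else '?'} bytes")
        elif api == "CreateThread":
            findings.append("starts a thread")
            if rwx:
                behaviours.add("runs code from a buffer it made writable+executable (self-injection)")
    return {"findings": findings, "behaviours": sorted(behaviours)}
```

      Calling analyse(TRACES[func]) for each key gives the behaviour list per function. For a responder the three host artefacts that fall out are the HKLM Run value IsSystemUpgradeComponentRegistered (its data, per the strings of 1000E390, is explorer "<path>" pointing at the dropped copy), the BITS and Host values under HKLM\SYSTEM\Setup, and hidden copies of the sample in the user's Documents folder and under Program Files. Deleting the Run value while the sample is still running is not enough: the thread that 1000E5C0 starts at 1000E530 re-reads the value every 3000 ms and calls 1000E390, which re-creates it, so terminate the process before cleaning the registry.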

      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction ID: e5c246259e2320a82bf66cd98b1e46f124e691e0f2863d26c4a32345320b8d89
      • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction Fuzzy Hash: BC41C4B2341210AFE710DF68EC84F6B77E9EF88366F20456AFE05C6640EB71D8018B61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAStartup.WS2_32(00000202,?), ref: 004010A6
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010B3
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: CreateEventStartup
      • String ID:
      • API String ID: 1546077022-0
      • Opcode ID: 11ed0e13db0c9aa82ccec19946252118a18e06037faf82fb9460f87969fb909b
      • Instruction ID: 394aeb8d342db8c09de8ab0d868a5f1eb1c33a91e9f2f4e1ea264a5cc676e037
      • Opcode Fuzzy Hash: 11ed0e13db0c9aa82ccec19946252118a18e06037faf82fb9460f87969fb909b
      • Instruction Fuzzy Hash: 0FF08C71200700AFE3309F1ACD19AA7FBECEBC9B11F40892EA5A5922A0D6B465088B51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • send.WS2_32(?,?,?,00000000), ref: 00401140
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: send
      • String ID:
      • API String ID: 2809346765-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #1576.MFC42(004025D4,004025D4,004025D4,004025D4,004025D4,00000000,?,0000000A), ref: 00402642
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: #1576
      • String ID:
      • API String ID: 1976119259-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNELBASE(?,?,00001000,00000004,?,00000000,00000000,00000000,?,02650544,?,?,00000000,?,?,?), ref: 02650169
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleW.KERNEL32(NTDLL,8834D961), ref: 100069D5
      • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
      • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
      • memset.MSVCR100 ref: 10006A10
      • memset.MSVCR100 ref: 10006A22
      • gethostname.WS2_32(?,00000100), ref: 10006A36
      • gethostbyname.WS2_32(?), ref: 10006A43
      • inet_ntoa.WS2_32 ref: 10006A5B
      • strcat_s.MSVCR100 ref: 10006A74
      • strcat_s.MSVCR100 ref: 10006A8A
      • inet_ntoa.WS2_32 ref: 10006AAA
      • strcat_s.MSVCR100 ref: 10006ABD
      • strcat_s.MSVCR100 ref: 10006AD7
      • inet_addr.WS2_32(?), ref: 10006AF5
      • wsprintfA.USER32 ref: 10006B2E
      • OutputDebugStringA.KERNEL32(?), ref: 10006B45
      • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
      • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
      • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
      • strncpy.MSVCR100 ref: 10006E6B
        • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
      • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
      • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
      • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
      • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
      • strncpy.MSVCR100 ref: 1000713E
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
      • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
      • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
      • RegQueryValueExA.ADVAPI32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
      • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
      • wsprintfA.USER32 ref: 10007204
      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
      • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
      • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
      • wsprintfA.USER32 ref: 100072AD
      • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
      • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
      • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
      • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
      • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
      • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
      • API String ID: 941699131-3408092411
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 10005646
      • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
      • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
      • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
      • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
      • CloseHandle.KERNEL32(?), ref: 100056F2
      • FreeLibrary.KERNEL32(00000000), ref: 100056FD
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
      • API String ID: 3440622277-1578001699
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 02657000
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 02657025
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02657039
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 02657084
      • CopyFileA.KERNEL32(?,?,00000000), ref: 026570BA
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0265711F
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657140
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657168
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657182
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0265718F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: MetricsSystem$#2379#470#755ClientDrawIconIconicMessageRectSend
      • String ID:
      • API String ID: 1397574227-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 10010108
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
      • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
      • TerminateProcess.KERNEL32(00000000), ref: 1001014B
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 3369434319-0
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 02661D54
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02661D69
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 02661D74
      • GetCurrentProcess.KERNEL32(C0000409), ref: 02661D90
      • TerminateProcess.KERNEL32(00000000), ref: 02661D97
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 2579439406-0
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID:
      • String ID: [RO] %ld bytes
      • API String ID: 0-772938740
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10005809
      • ExitWindowsEx.USER32(?,00000000), ref: 100059F9
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ExchangeExitInterlockedWindows
      • String ID:
      • API String ID: 1543309128-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 0265725C: LoadLibraryA.KERNEL32(?), ref: 02657292
        • Part of subcall function 0265725C: GetCurrentProcess.KERNEL32(00000028,?), ref: 026572C7
      • ExitWindowsEx.USER32(?,00000000), ref: 02657645
        • Part of subcall function 0265725C: LoadLibraryA.KERNEL32(10012638), ref: 0265731F
        • Part of subcall function 0265725C: CloseHandle.KERNEL32(?), ref: 0265733E
        • Part of subcall function 0265725C: FreeLibrary.KERNEL32(00000000), ref: 02657349
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Library$Load$CloseCurrentExitFreeHandleProcessWindows
      • String ID:
      • API String ID: 1803421334-0
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #3097.MFC42(000003E8,004054D4), ref: 00401B9E
      • #3097.MFC42(000003E9,004054D0,000003E8,004054D4), ref: 00401BAF
      • _mbscmp.MSVCRT ref: 00401BC7
      • #5953.MFC42(000003EB,0040537C), ref: 00401BDC
      • #5953.MFC42(000003E8,004054E4,000003EB,0040537C), ref: 00401BED
      • #5953.MFC42(000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401BFE
      • #3092.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C0A
      • #5981.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C11
      • _mbscmp.MSVCRT ref: 00401C27
      • #5953.MFC42(000003EB,00405360), ref: 00401C3C
      • #3092.MFC42(000003E8,000003EB,00405360), ref: 00401C48
      • #5981.MFC42(000003E8,000003EB,00405360), ref: 00401C4F
      • #3097.MFC42(000003EA,004054CC), ref: 00401D51
      • _mbscmp.MSVCRT ref: 00401D63
      • #5953.MFC42(000003EB,00405314), ref: 00401D7C
      • #5953.MFC42(000003EA,004054E4,000003EB,00405314), ref: 00401D8D
      • #3092.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401D99
      • #5981.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401DA0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: #5953$#3092#3097#5981_mbscmp
      • String ID: Shell_TrayWnd
      • API String ID: 2345305820-2988720461
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0265FB09
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0265FB26
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0265FBE5
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0265FC24
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0265FC63
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0265FCA2
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0265FCE1
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0265FD20
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0265FD5F
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0265FD9E
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0265FDDD
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0265FE1C
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0265FE5B
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0265FE9A
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0265FED9
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0265FF29
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0265FF3D
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0265FF6B
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0265FF88
      • CloseHandle.KERNEL32(?), ref: 0265FFA6
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0265FFC1
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$Process$CloseHandleOpenToken$InformationLengthMessagePostTerminateThread
      • String ID:
      • API String ID: 1335550552-3916222277
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 10002E7C
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
      • timeGetTime.WINMM ref: 10002E8E
      • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
      • gethostbyname.WS2_32(?), ref: 10002EDF
      • htons.WS2_32(?), ref: 10002EF8
      • connect.WS2_32(?,?,00000010), ref: 10002F16
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
      • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
      • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
      • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
      • _beginthreadex.MSVCR100 ref: 10002FF6
      • _beginthreadex.MSVCR100 ref: 1000300B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 2079111011-3203441087
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memset.MSVCR100 ref: 1000F659
      • memset.MSVCR100 ref: 1000F66C
      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 1000F68F
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Closememset$Open
      • String ID: %08X$Host
      • API String ID: 4198983563-2867006347
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • wsprintfA.USER32 ref: 1000DA17
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
      • GetLastError.KERNEL32 ref: 1000DA38
      • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
      • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
      • exit.MSVCR100 ref: 1000DA55
      • GetTickCount.KERNEL32 ref: 1000DAA0
      • GetTickCount.KERNEL32 ref: 1000DABB
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
      • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
      • CloseHandle.KERNEL32(?), ref: 1000DBE8
      • CloseHandle.KERNEL32(?), ref: 1000DC0B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
      • String ID: %d:%d
      • API String ID: 3209965405-4036436701
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,8834D961,745947A0,?,?,00000001), ref: 10004AE6
      • EnterCriticalSection.KERNEL32(?,8834D961,745947A0,?,?,00000001), ref: 10004B0D
      • SetLastError.KERNEL32(0000139F), ref: 10004B21
      • LeaveCriticalSection.KERNEL32(?), ref: 10004B28
      • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
      • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
      • InternetCloseHandle.WININET(00000000), ref: 10006861
      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
      • InternetCloseHandle.WININET(00000000), ref: 10006929
      • InternetCloseHandle.WININET(00000000), ref: 1000692C
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
      • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
      • API String ID: 3920785804-909499719
      • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
      • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
      • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
      • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
      • String ID: 8P@
      • API String ID: 801014965-425619966
      • Opcode ID: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction ID: 3db1f6a25215d20146fe9d205761b81edacfa20296a2621411912f9a6318d064
      • Opcode Fuzzy Hash: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction Fuzzy Hash: B7416CB1840744AFCB249FA4DE59AAA7BBCEB09711F20057FE841B72D1D7B859408F5C
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 02654AC8
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02654AD4
      • timeGetTime.WINMM ref: 02654ADA
      • socket.WS2_32(00000002,00000001,00000006), ref: 02654B07
      • gethostbyname.WS2_32(?), ref: 02654B2B
      • htons.WS2_32(?), ref: 02654B44
      • connect.WS2_32(?,?,00000010), ref: 02654B62
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 02654C16
      • InterlockedExchange.KERNEL32(?,00000001), ref: 02654C1F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 3940796591-3203441087
      • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction ID: 5b3a627bc2b4041fec7d0f441c3069f1382c64059c1394b2df8ac56dc45bcec6
      • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction Fuzzy Hash: CE514CB1640714ABE720DFA4CC85FAAB7F8FF48B10F104619F656A72D0D7B0A944CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
      • memset.MSVCR100 ref: 10005BD1
      • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
      • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
      • _mbscmp.MSVCR100 ref: 10005C39
      • lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
      • WTSFreeMemory.WTSAPI32(?), ref: 10005C67
      • WTSFreeMemory.WTSAPI32(?), ref: 10005C84
      • ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: FreeMemory$??2@??3@EnumerateInformationQuerySessionSessions_mbscmplstrcpymemset
      • String ID: system
      • API String ID: 2835183911-3377271179
      • Opcode ID: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
      • Instruction ID: d08ab42cfd6b18e12b5412b75c8ea3aae0022bfd40c742a0170e7af3aa65547d
      • Opcode Fuzzy Hash: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
      • Instruction Fuzzy Hash: FF31A1B5A00219AFEB10CF90CCC8DAFBBB8FF44711F108119E915A3244D730AA51CBA1
      Uniqueness

      Uniqueness Score: -1.00%
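      The call listings above are enough to triage a function without opening the IDA snapshot: the record at 1000DA17 (wsprintfA, CreateMutexA, GetLastError, ReleaseMutex, CloseHandle, exit) has the shape of a single-instance mutex guard, 1000680C is a WinINet fetch (InternetOpenA, InternetOpenUrlA, InternetReadFile), 02654B07 resolves a host and connects a TCP socket, and 10005BEB enumerates terminal-server sessions and queries WTSUserName (info class 5). The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses call lines in the report's "• api.MODULE(args), ref: addr" shape, tags each record with heuristic rules (ordered API subsequences, names chosen here), and resolves the numeric arguments whose meaning is fixed by the Windows SDK (socket family/type/protocol, WSAIoctl control codes, setsockopt option names, WTS info class, InternetOpenUrlA flags). The SAMPLE text is constructed from the four records named above; "Part of subcall function" lines are parsed but excluded from rule matching because they describe a callee.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: call lines in the shape of the report's "APIs" listings for the
# records at 1000DA17, 1000680C, 02654B07 and 10005BEB. Only lines of the form
# "• api.MODULE(args), ref: addr" (or the same without an argument list) are parsed.
SAMPLE = """\
APIs
• wsprintfA.USER32 ref: 1000DA17
• CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
• GetLastError.KERNEL32 ref: 1000DA38
• ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
• CloseHandle.KERNEL32(00000000), ref: 1000DA4D
• exit.MSVCR100 ref: 1000DA55
Strings
Memory Dump Source
APIs
• InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
• InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
• InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
Memory Dump Source
APIs
• socket.WS2_32(00000002,00000001,00000006), ref: 02654B07
• gethostbyname.WS2_32(?), ref: 02654B2B
• connect.WS2_32(?,?,00000010), ref: 02654B62
• WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 02654C16
Memory Dump Source
APIs
• WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
• WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
  • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769), ref: 10008B55
Memory Dump Source
"""

# Mangled C++ names contain '?', '@', '$' and '::' but never '.', so the first '.'
# separates the API name from its module.
CALL_RE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[^.\s]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Heuristic tags (names chosen for this example): every API must appear in the
# record in the given relative order.
RULES: Dict[str, List[str]] = {
    "single-instance mutex guard":      ["CreateMutexA", "GetLastError", "exit"],
    "WinINet HTTP fetch":               ["InternetOpenA", "InternetOpenUrlA", "InternetReadFile"],
    "outbound TCP connect by hostname": ["socket", "gethostbyname", "connect"],
    "terminal-session enumeration":     ["WTSEnumerateSessionsA", "WTSQuerySessionInformationA"],
}

# (api, zero-based argument index) -> documented Windows SDK constant names.
CONSTANTS: Dict[Tuple[str, int], Dict[int, str]] = {
    ("socket", 0): {2: "AF_INET"},
    ("socket", 1): {1: "SOCK_STREAM", 2: "SOCK_DGRAM"},
    ("socket", 2): {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"},
    ("WSAIoctl", 1): {0x98000004: "SIO_KEEPALIVE_VALS", 0x9800000C: "SIO_UDP_CONNRESET"},
    ("setsockopt", 2): {0x1001: "SO_SNDBUF", 0x1002: "SO_RCVBUF", 0x0004: "SO_REUSEADDR"},
    ("WTSQuerySessionInformationA", 2): {5: "WTSUserName"},
    ("InternetOpenUrlA", 4): {0x80000000: "INTERNET_FLAG_RELOAD"},
}


def parse_records(text: str) -> List[List[dict]]:
    """Group call lines into one list per 'APIs' record; every other line is ignored."""
    records: List[List[dict]] = []
    current = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = CALL_RE.match(line)
        if m is None or current is None:
            continue
        args = [a for a in (m["args"] or "").split(",") if a]
        current.append({"api": m["api"], "mod": m["mod"], "args": args,
                        "ref": int(m["ref"], 16), "subcall": m["sub"] is not None})
    return records


def in_order(names: List[str], wanted: List[str]) -> bool:
    """True if every name in `wanted` occurs in `names` in that relative order."""
    it = iter(names)
    return all(any(n == w for n in it) for w in wanted)


def annotate(call: dict) -> List[str]:
    """Resolve known numeric arguments ('?' placeholders are skipped) to SDK names."""
    notes = []
    for i, a in enumerate(call["args"]):
        table = CONSTANTS.get((call["api"], i))
        if table and re.fullmatch(r"-?[0-9A-Fa-f]{8}", a):
            value = int(a, 16) & 0xFFFFFFFF
            if value in table:
                notes.append(f"{call['api']} arg{i} = {table[value]}")
    return notes


def triage(text: str) -> List[Tuple[int, List[str], List[str]]]:
    """Per record: (address of its first own call, matched tags, resolved constants).
    'Part of subcall function' lines belong to callees and do not count toward tags."""
    results = []
    for record in parse_records(text):
        own = [c for c in record if not c["subcall"]]
        if not own:
            continue
        names = [c["api"] for c in own]
        tags = [tag for tag, wanted in RULES.items() if in_order(names, wanted)]
        notes = [n for c in own for n in annotate(c)]
        results.append((own[0]["ref"], tags, notes))
    return results


if __name__ == "__main__":
    for ref, tags, notes in triage(SAMPLE):
        print(f"{ref:08X}: {', '.join(tags) or '-'}  {'; '.join(notes)}")
```

      Feed the whole exported report through `triage` and the same rules also tag the second copies of these functions in the 02650000 region (for example 0265F663 and 02654B07), which is the quickest way to confirm that the unbacked memory at 02650000 holds a relocated copy of the 10000000 module rather than new code; the 0265F663 copy lacks the `exit` call, so it would need a looser rule.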

      APIs
      • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
      • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
      • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
      • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
      • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
      • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
      • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID: bad cast
      • API String ID: 3682899576-3145022300
      • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
      • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,10016034,10012308,?,?,00000001), ref: 02656732
      • RtlEnterCriticalSection.NTDLL(?), ref: 02656759
      • SetLastError.KERNEL32(0000139F), ref: 0265676D
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02656774
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 63ddc60ce706921659cb946221a9df434f4cf6c224de63f935e2999b7817f6ff
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: B9518DB6A047149FD714DFA8C884B6ABBF4FB48711F008A2EE91AC3B51D775E410CB61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • wsprintfA.USER32 ref: 0265F663
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0265F678
      • GetLastError.KERNEL32 ref: 0265F684
      • ReleaseMutex.KERNEL32(00000000), ref: 0265F692
      • CloseHandle.KERNEL32(00000000), ref: 0265F699
      • GetTickCount.KERNEL32 ref: 0265F6EC
      • GetTickCount.KERNEL32 ref: 0265F707
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0265F745
      • TerminateThread.KERNEL32(?,000000FF), ref: 0265F826
      • CloseHandle.KERNEL32(?), ref: 0265F834
      • CloseHandle.KERNEL32(?), ref: 0265F857
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
      • String ID:
      • API String ID: 583979846-0
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: a6f08a29e5d8e96d7aa0ce4ee2093b50a6a274db8b4c715ec4ed7619f1042d5e
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 6A517CB15087A19FE724DF68CC84B9BB7E9FB88711F108A1CE94A87390C7709855CF92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(00000064), ref: 10002D1D
      • CloseHandle.KERNEL32(?), ref: 10002D33
      • CloseHandle.KERNEL32(?), ref: 10002D3D
      • CloseHandle.KERNEL32(?), ref: 10002D47
      • WSACleanup.WS2_32 ref: 10002D49
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: FreeVirtual$CloseHandle$CleanupSleep
      • String ID:
      • API String ID: 21600312-0
      • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
      • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,8834D961,00000000,00000000,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
      • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
      • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast), ref: 10009C09
      • _CxxThrowException.MSVCR100(?,10013774), ref: 10009C18
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,10013774), ref: 10009C28
      • std::locale::facet::_Facet_Register.LIBCPMT ref: 10009C2F
      • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowstd::locale::facet::_
      • String ID: bad cast
      • API String ID: 3754268192-3145022300
      • Opcode ID: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
      • Instruction ID: 8e14b074035db8c01746d2bfa9994902538dc9c994fd8b17045a7e04c907522a
      • Opcode Fuzzy Hash: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
      • Instruction Fuzzy Hash: CA31D2B6904124AFEB14CF54DD84A9EB7B8FB043B0F518259ED26A73A1DB30ED40CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(8834D961,0000002D,?,00000000,?), ref: 1000BFAD
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,8834D961,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 1881732901-0
      • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
      • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,00000001,00000001,?,10003B03), ref: 10003E05
      • LeaveCriticalSection.KERNEL32(?,?,10003B03), ref: 10003E50
      • send.WS2_32(10003B03,?,?,00000000), ref: 10003E6E
      • EnterCriticalSection.KERNEL32(?), ref: 10003E81
      • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003EBC
      • WSAGetLastError.WS2_32(?,10003B03), ref: 10003EC7
      • EnterCriticalSection.KERNEL32(?,?,10003B03), ref: 10003EDB
      • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003F51
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02655A51
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02655A9C
      • send.WS2_32(0265574F,?,?,00000000), ref: 02655ABA
      • RtlEnterCriticalSection.NTDLL(?), ref: 02655ACD
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02655AE0
      • HeapFree.KERNEL32(00000000,00000000,?,?,0265574F), ref: 02655B08
      • WSAGetLastError.WS2_32(?,0265574F), ref: 02655B13
      • RtlEnterCriticalSection.NTDLL(?), ref: 02655B27
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02655B60
      • HeapFree.KERNEL32(00000000,00000000,?,?,0265574F), ref: 02655B9D
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: ac42940d3ada2e6a21f22d9f1edcf115372c7df49ae33710a578f8600d58f002
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: 684106B1504B109FD724CF78C8CCAA7B7E8BB49304F84896DE96ACB250D730E4458B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
        • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
        • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
      • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
      • _beginthreadex.MSVCR100 ref: 10003615
      • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
      • SetLastError.KERNEL32(00000000), ref: 10003661
      • GetLastError.KERNEL32 ref: 10003679
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • SetLastError.KERNEL32(00000000), ref: 10003689
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
      • String ID:
      • API String ID: 2811472597-0
      • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
      • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 10004D63
      • EnterCriticalSection.KERNEL32(?), ref: 10004D78
      • WSASetLastError.WS2_32(00002746), ref: 10004D8A
      • LeaveCriticalSection.KERNEL32(?), ref: 10004D91
      • timeGetTime.WINMM ref: 10004DBF
      • timeGetTime.WINMM ref: 10004DE7
      • SetEvent.KERNEL32(?), ref: 10004E25
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E38
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E4B
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 026569AF
      • RtlEnterCriticalSection.NTDLL(?), ref: 026569C4
      • WSASetLastError.WS2_32(00002746), ref: 026569D6
      • RtlLeaveCriticalSection.NTDLL(?), ref: 026569DD
      • timeGetTime.WINMM ref: 02656A0B
      • timeGetTime.WINMM ref: 02656A33
      • SetEvent.KERNEL32(?), ref: 02656A71
      • InterlockedExchange.KERNEL32(?,00000001), ref: 02656A7D
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02656A84
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02656A97
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: e4f3e56bab9e46f4c71ce365f15a3e22ca9e687cc1cb52ba7cc44250b888b087
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: F741AE716003109FE730DF69C888B6AB7E9FB88714F94C659E88AC7361E775E895CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(00000002,00000002,00000011), ref: 1000375F
      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10003798
      • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100037B5
      • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100037C8
      • WSACreateEvent.WS2_32 ref: 100037CA
      • gethostbyname.WS2_32(?), ref: 100037D4
      • htons.WS2_32(?), ref: 100037ED
      • WSAEventSelect.WS2_32(?,?,00000030), ref: 1000380B
      • connect.WS2_32(?,?,00000010), ref: 10003820
      • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 1000382F
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
      • String ID:
      • API String ID: 2147236057-0
      • Opcode ID: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
      • Instruction ID: 832f1b8ff29030e8bf453c954313f24a602478d3b057f428ca850e8eb3ef4c46
      • Opcode Fuzzy Hash: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
      • Instruction Fuzzy Hash: B0312AB1A00319AFE710DFA4CC85E7FB7B8FB48760F108619F622972D0DA75EA158B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 10004443
      • ResetEvent.KERNEL32(?), ref: 1000444C
      • timeGetTime.WINMM ref: 1000444E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
      • ResetEvent.KERNEL32(?), ref: 100044C8
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • ResetEvent.KERNEL32(?), ref: 100044DC
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 542259498-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 02657292
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 026572C7
      • LoadLibraryA.KERNEL32(10012638), ref: 0265731F
      • CloseHandle.KERNEL32(?), ref: 0265733E
      • FreeLibrary.KERNEL32(00000000), ref: 02657349
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$Adva$pi32
      • API String ID: 1168765234-3719434023
      • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction ID: e6cf997cd3c8849cb30bc8cc4e4627967dffc381d8fc41d4017796b956e6a8c8
      • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction Fuzzy Hash: 2431BCB1A41218ABDB11DFB4DD89BEEBBB8EF49710F104159FA05B7280DB70D910CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
      • BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
      • SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
      • SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
      • LocalFree.KERNEL32(?), ref: 00401FB9
      • LocalFree.KERNEL32(?), ref: 00401FC4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: FreeInfoLocalNamedSecurity$AccessBuildEntriesExplicitNameWith
      • String ID: Administrators$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 232510436-309312000
      • Opcode ID: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction ID: da1d4f715cb7791bda5478defa030f0280aa6d463b88422718ffb321f1726b92
      • Opcode Fuzzy Hash: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction Fuzzy Hash: C0114DB16043066FE310CF65CD85E6BB7ACEBC4795F40483EFA44E6290D6B8DD088B66
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: lstrlenmemset$??2@gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 1496828540-2058306683
      • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
      • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,8834D961,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
        • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
        • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,8834D961,?,74DF2F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
      • String ID:
      • API String ID: 2486110213-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@$free
      • String ID:
      • API String ID: 2241099983-0
      • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
      • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
      • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
      • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
      • SetLastError.KERNEL32(0000139F), ref: 10004CD9
      • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
      • LeaveCriticalSection.KERNEL32(00000002), ref: 10004CE9
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
      • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memmove.MSVCR100 ref: 1000753B
      • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,8834D961), ref: 10007636
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,8834D961), ref: 10007664
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,8834D961), ref: 1000766F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
      • String ID: invalid string position$string too long
      • API String ID: 2621357903-4289949731
      • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
      • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
      • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OutputDebugStringA.KERNEL32(10012B64), ref: 026600D5
        • Part of subcall function 0265FADC: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0265FB09
        • Part of subcall function 0265FADC: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0265FB26
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0265FBE5
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0265FC24
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0265FC63
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0265FCA2
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0265FCE1
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0265FD20
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0265FD5F
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0265FD9E
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0265FDDD
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0265FE1C
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0265FE5B
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0265FE9A
        • Part of subcall function 0265FADC: LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0265FED9
        • Part of subcall function 0265FADC: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0265FF29
        • Part of subcall function 0265FADC: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0265FF3D
        • Part of subcall function 0265FADC: PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0265FF6B
        • Part of subcall function 0265FADC: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0265FF88
        • Part of subcall function 0265FADC: CloseHandle.KERNEL32(?), ref: 0265FFA6
        • Part of subcall function 0265FADC: CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0265FFC1
      • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 02660155
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Value$LookupPrivilege$Process$CloseHandleOpenToken$DebugInformationLengthMessageOutputPostStringTerminateThread
      • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
      • API String ID: 2737639916-1482746000
      • Opcode ID: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction ID: 2c86aea613374c284e74c3a11f306a3be874ba8385a56381bf0bf3c82c0226ba
      • Opcode Fuzzy Hash: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction Fuzzy Hash: 8C0184B06002299FD728FBA08C94FBE7767DF8A300F404188F9099A581CF34D9518F59
      Uniqueness

      Uniqueness Score: -1.00%
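The two trace blocks above that matter most for triage, the Run-key ACL rewrite (GetNamedSecurityInfoA, BuildExplicitAccessWithNameA, SetNamedSecurityInfoA) and the process-termination routine (OpenProcess, OpenProcessToken, SetTokenInformation, TerminateProcess next to the 2345SafeTray.exe/360Tray.exe/HipsTray.exe/QQPCTray.exe/kxetray.exe strings), show only raw hex arguments. The Python below is an added example, not part of the Joe Sandbox report or of the sample's code: it parses trace lines in the report's format, decodes the argument constants to their documented Win32 names (0x401 = PROCESS_TERMINATE|PROCESS_QUERY_INFORMATION, 0xF01FF = TOKEN_ALL_ACCESS, class 0x19 = TokenIntegrityLevel, 0xF003F = KEY_ALL_ACCESS, object type 4 = SE_REGISTRY_KEY, mode 2 = SET_ACCESS) and flags the two sequences. The line grammar, the finding wording and the `assess` rules are the example's own assumptions; the sample input is copied, abridged, from the blocks above.

```python
"""Decode Joe Sandbox API-trace lines and flag two sequences this report shows:
security-product process termination and Run-key DACL tampering. Added example,
not part of the report; constant names are the documented Win32 definitions."""
import re
from collections import namedtuple

# e.g. "• Part of subcall function 0265FADC: OpenProcess.KERNEL32(00000401,...), ref: 0265FB09"
LINE_RE = re.compile(
    r"(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>[\w?@$]+)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$")
Call = namedtuple("Call", "api module args ref")

def parse_trace(text):
    """Turn the bullet lines of an 'APIs' block into Call records."""
    calls = []
    for raw in text.splitlines():
        m = LINE_RE.search(raw.strip().lstrip("•").strip())
        if m:
            args = [x.strip() for x in (m.group("args") or "").split(",") if x.strip()]
            calls.append(Call(m.group("api"), m.group("mod"), args, m.group("ref")))
    return calls

def hexarg(s):
    """Arguments are 8-digit hex, '?' (unresolved) or a literal; None when not hex."""
    return int(s, 16) if re.fullmatch(r"-?[0-9A-Fa-f]+", s) else None

def flags(value, table):
    """Expand a bitmask into flag names; leftover bits are kept as hex."""
    names = [n for n, bit in table.items() if (value & bit) == bit]
    rest = value & ~sum(table[n] for n in names)
    return "|".join(names + ([hex(rest)] if rest else [])) or "0"

def const(value, table):
    return table.get(value, "?" if value is None else hex(value))

PROCESS_ACCESS = {"PROCESS_TERMINATE": 0x1, "PROCESS_QUERY_INFORMATION": 0x400}
TOKEN_ACCESS = {"TOKEN_ALL_ACCESS": 0xF01FF}
KEY_ACCESS = {"KEY_ALL_ACCESS": 0xF003F}
SEC_INFO = {"OWNER_SECURITY_INFORMATION": 0x1, "GROUP_SECURITY_INFORMATION": 0x2,
            "DACL_SECURITY_INFORMATION": 0x4, "SACL_SECURITY_INFORMATION": 0x8}
INHERIT = {"OBJECT_INHERIT_ACE": 0x1, "CONTAINER_INHERIT_ACE": 0x2}
SE_OBJECT = {1: "SE_FILE_OBJECT", 2: "SE_SERVICE", 4: "SE_REGISTRY_KEY"}
ACCESS_MODE = {1: "GRANT_ACCESS", 2: "SET_ACCESS", 3: "DENY_ACCESS", 4: "REVOKE_ACCESS"}
TOKEN_CLASS = {25: "TokenIntegrityLevel"}

def explain(call):
    """Decode the argument constants that matter for triage into one readable line."""
    a = [hexarg(x) for x in call.args] + [None] * 5     # pad so indexing is safe
    if call.api == "OpenProcess":
        return "OpenProcess(access=%s)" % flags(a[0] or 0, PROCESS_ACCESS)
    if call.api == "OpenProcessToken":
        return "OpenProcessToken(access=%s)" % flags(a[1] or 0, TOKEN_ACCESS)
    if call.api == "SetTokenInformation":
        return "SetTokenInformation(class=%s)" % const(a[1], TOKEN_CLASS)
    if call.api in ("GetNamedSecurityInfoA", "SetNamedSecurityInfoA"):
        return "%s('%s', %s, %s)" % (call.api, call.args[0], const(a[1], SE_OBJECT),
                                     flags(a[2] or 0, SEC_INFO))
    if call.api == "BuildExplicitAccessWithNameA":
        return "BuildExplicitAccessWithNameA(trustee='%s', perms=%s, mode=%s, inherit=%s)" % (
            call.args[1], flags(a[2] or 0, KEY_ACCESS), const(a[3], ACCESS_MODE),
            flags(a[4] or 0, INHERIT))
    return "%s.%s" % (call.api, call.module)

# Security-product tray processes named in the report's string references.
AV_TRAY_PROCESSES = {"360Tray.exe", "QQPCTray.exe", "kxetray.exe", "HipsTray.exe", "2345SafeTray.exe"}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def assess(calls, strings=()):
    """Return triage findings for one function's API trace plus its string references."""
    apis = [c.api for c in calls]
    findings = []
    hits = sorted(AV_TRAY_PROCESSES & set(strings))
    if hits and {"OpenProcess", "OpenProcessToken", "TerminateProcess"} <= set(apis) \
            and apis.index("OpenProcess") < apis.index("TerminateProcess"):
        findings.append("security-product tampering: OpenProcess -> OpenProcessToken -> "
                        "TerminateProcess with strings " + ", ".join(hits))
    for c in calls:
        if c.api == "SetNamedSecurityInfoA" and c.args and c.args[0].endswith(RUN_KEY):
            findings.append("Run-key DACL rewrite: " + explain(c))
    return findings

# Sample input copied (abridged) from the two trace blocks in this report.
AV_KILL_TRACE = r"""
• Part of subcall function 0265FADC: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0265FB09
• Part of subcall function 0265FADC: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0265FB26
• Part of subcall function 0265FADC: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0265FF3D
• Part of subcall function 0265FADC: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0265FF88
"""
AV_KILL_STRINGS = ["2345SafeTray.exe", "360Tray.exe", "HipsTray.exe", "QQPCTray.exe", "kxetray.exe"]
RUN_KEY_TRACE = r"""
• GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
• BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
• SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
"""
if __name__ == "__main__":
    calls = parse_trace(AV_KILL_TRACE) + parse_trace(RUN_KEY_TRACE)
    print(*[explain(c) for c in calls], *assess(calls, AV_KILL_STRINGS), sep="\n")
```

Run with any block's "APIs" bullet lines as `parse_trace` input and the block's "String ID" entries as `strings`; `assess` only fires on the ordered chain plus the matching strings, so a lone OpenProcess or a Run-key string without SetNamedSecurityInfoA yields nothing. Note that the SetNamedSecurityInfoA trace targets the key path without a hive prefix, which the decoder reports as-is rather than guessing HKCU or HKLM.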

      APIs
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,8834D961,?,8834D961,10008EF2), ref: 1000A71D
        • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,8834D961,?,8834D961,10008EF2), ref: 1000A740
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,8834D961), ref: 1000A76E
        • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
        • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
      • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
      • memmove.MSVCR100 ref: 100093D6
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
      • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
      • String ID:
      • API String ID: 666130115-0
      • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
      • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
      • LoadLibraryA.KERNEL32(?), ref: 10005F20
      • GetProcessHeap.KERNEL32(00000000,FFFC66E8,8B068BFF), ref: 10005F46
      • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
      • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
      • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
      • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
      • String ID:
      • API String ID: 1153753045-0
      • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
      • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(00000002,00000002,00000011), ref: 026553AB
      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 026553E4
      • WSACreateEvent.WS2_32 ref: 02655416
      • gethostbyname.WS2_32(?), ref: 02655420
      • htons.WS2_32(?), ref: 02655439
      • WSAEventSelect.WS2_32(?,?,00000030), ref: 02655457
      • connect.WS2_32(?,?,00000010), ref: 0265546C
      • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 0265547B
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
      • String ID:
      • API String ID: 603330298-0
      • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction ID: 8e34a5ce34768dd1214f5dfe57f650aad85a6f5f4cf921663fd234a0d800de01
      • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction Fuzzy Hash: BA311DB1600215AFE714DBA4CC89E7EB7B8EB48710F504A19FA22A72D0D7759A148B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 10003F65
      • SetLastError.KERNEL32(0000139F,?,74DEDFA0,10003688), ref: 10004054
        • Part of subcall function 10002BA0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 10002BB6
        • Part of subcall function 10002BA0: SwitchToThread.KERNEL32 ref: 10002BCA
      • send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
      • SetEvent.KERNEL32(?), ref: 10003FE9
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
      • WSACloseEvent.WS2_32(?), ref: 10004003
      • shutdown.WS2_32(?,00000001), ref: 1000401B
      • closesocket.WS2_32(?), ref: 10004025
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
      • String ID:
      • API String ID: 3254528666-0
      • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction ID: 33fc8edb3bfa16432b1da941d8e6096b20875d7008fd88c2fc111e4d4adde92b
      • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction Fuzzy Hash: 392148B56007109BE321DF64C888B5BB7F9FB88791F11891CF28297690CBB9F855CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 02655BB1
      • SetLastError.KERNEL32(0000139F,?,100120A0,026552D4), ref: 02655CA0
        • Part of subcall function 026547EC: SwitchToThread.KERNEL32 ref: 02654816
      • send.WS2_32(?,1001242C,00000010,00000000), ref: 02655C12
      • SetEvent.KERNEL32(?), ref: 02655C35
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02655C41
      • WSACloseEvent.WS2_32(?), ref: 02655C4F
      • shutdown.WS2_32(?,00000001), ref: 02655C67
      • closesocket.WS2_32(?), ref: 02655C71
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
      • String ID:
      • API String ID: 518013673-0
      • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction ID: c31d02da93c07d869e1dd38ce2a4a0feb93c08306c125d81d9f8f0c46f9a82ba
      • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction Fuzzy Hash: 2E2124B1200B209BE3349F68C98CB5AB7F6BB48714F544A1CEA9386B90C7B9E455CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004074
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004087
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004090
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004099
        • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100015D0
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040B9
      • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040D4
      • SetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004150
      • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004157
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
      • String ID:
      • API String ID: 2266972149-0
      • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
      • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
      • String ID:
      • API String ID: 432566381-0
      • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
      • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
      • malloc.MSVCR100 ref: 10002350
      • memcpy.MSVCR100 ref: 10002397
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: mallocmemcpyvsprintf
      • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
      • API String ID: 4208594302-868042568
      • Opcode ID: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
      • Opcode Fuzzy Hash: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(8834D961,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 100079B6
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,8834D961,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,8834D961,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
      • String ID:
      • API String ID: 753523128-0
      • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
      • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 02657000
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 02657025
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02657039
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 02657084
      • CopyFileA.KERNEL32(?,?,00000000), ref: 026570BA
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0265711F
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657140
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657168
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02657182
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0265718F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      • Opcode ID: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction ID: fd9d228a70ab0493a9e2de54f3b6d4f57918ba5b4fc90deee70dc3c3940d3257
      • Opcode Fuzzy Hash: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction Fuzzy Hash: A4514EF1900228AFEB25DB64CCD4AEAB7BDEB48304F4085D9E60997251E6709F85CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
      • _beginthreadex.MSVCR100 ref: 1000DCAB
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
      • CloseHandle.KERNEL32(?), ref: 1000DCD4
      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
      • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseHandleObjectSingleWait$??2@CreateEvent_beginthreadex
      • String ID:
      • API String ID: 2512375702-0
      • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
      • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00401F10: GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
        • Part of subcall function 00401F10: BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
        • Part of subcall function 00401F10: SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
        • Part of subcall function 00401F10: SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FB9
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FC4
      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,00000000), ref: 00401FF1
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040201A
      • RegSetValueExA.ADVAPI32(00000000,LiveUpdate,00000000,00000001,?,00000000), ref: 00402034
      • RegCloseKey.ADVAPI32(?), ref: 0040203F
      Strings
      • LiveUpdate, xrefs: 0040202E
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00401FE7
      Memory Dump Source
      • Source File: 00000000.00000002.1723221164.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1723209469.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723231883.0000000000403000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723244369.0000000000405000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1723255788.0000000000406000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_sample.jbxd
      Similarity
      • API ID: FreeInfoLocalNameNamedSecurity$AccessBuildCloseEntriesExplicitFileModuleOpenValueWith
      • String ID: LiveUpdate$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 4218273391-3400392916
      • Opcode ID: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction ID: 9cbc189060c18ce78410ef20227df155c72ab83715970fe9a40628cbd408b6b5
      • Opcode Fuzzy Hash: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction Fuzzy Hash: 1BF0A4742443017BE710DB64DD46FABBBACEBC8B41F40482CB788F51E4D6F895448B16
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,?,?,?,8834D961,?,?,10010B78,000000FF), ref: 10004ECA
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,8834D961,?,?,10010B78,000000FF), ref: 10004EE2
      • LeaveCriticalSection.KERNEL32(?), ref: 10004EEC
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: 5d7e202c9453111bf760a64193654abb888b24a6dd7784caadbc8dba9623b2f2
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: 0D318EB6A04744ABE710CF94DC86B6AB3E8FB48750F01852AFD16C3784DB36E810CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02656B16
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,10016034,?,?,10010B78,000000FF), ref: 02656B2E
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02656B38
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: adc19df9acf93ad5734f0cf739244b0e28056e30451bf61ac76040beb2df4794
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: 90316AB2604654ABE720DF94CD85B6AB3ADEB48710F40865EFD15C7780E73AE820CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
      • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
      • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
      • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
      • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
      • String ID:
      • API String ID: 672040072-0
      • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
      • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: _errno$recvselect
      • String ID:
      • API String ID: 4102763267-0
      • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
      • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
      • _CxxThrowException.MSVCR100 ref: 10009153
      Strings
      • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??0exception@std@@ExceptionThrow
      • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
      • API String ID: 2684170311-3812731148
      • Opcode ID: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction ID: 4ff9fd43ccc38cada941469353b65ddf61956220ecca57f71b677a99dd077398
      • Opcode Fuzzy Hash: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction Fuzzy Hash: 39C19C712082519FEB04CF18C4C4B9A7BE5EF85390F5485A9EC898F24EC775E985CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
      • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
      • HeapFree.KERNEL32(00000000), ref: 100062B5
      • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
      • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
      • HeapFree.KERNEL32(00000000), ref: 100062DB
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: FreeHeap$Process$LibraryVirtual
      • String ID:
      • API String ID: 3521805120-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 4e8ae9d798ed328c3ac5cf3a0713134e707d5c220115033f18ab452dde1a0258
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: E5113070600B11EFE660CFA5CC88F1673EAEB89791F20CA18E15697594C774F851CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004761
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000476C
      • Sleep.KERNEL32(00000258), ref: 10004779
      • CloseHandle.KERNEL32(?), ref: 10004794
      • CloseHandle.KERNEL32(?), ref: 1000479D
      • Sleep.KERNEL32(0000012C), ref: 100047AE
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
      • String ID:
      • API String ID: 1019945655-0
      • Opcode ID: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
      • Instruction ID: ab300de59104cfa3b6c6a7cb3b929f183dbe93be0b3bbffdefcd2026bf0c7e40
      • Opcode Fuzzy Hash: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
      • Instruction Fuzzy Hash: FDF030762046146BD610EBA9CC84D4BF3E9EFD9730B218709F26583294CA70FC018BA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
      • Sleep.KERNEL32(00000258), ref: 1000334E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
      • Sleep.KERNEL32(0000012C), ref: 1000337B
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
      • String ID:
      • API String ID: 3137405945-0
      • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
      • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
      • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,8834D961,?,00000000,?,10008EF2), ref: 1000C89C
      • memmove.MSVCR100 ref: 1000C8F5
      • memmove.MSVCR100 ref: 1000C91C
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
      • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
      • memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: invalid string position$string too long
      • API String ID: 4248180022-4289949731
      • Opcode ID: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
      • Instruction ID: 02f1bde33a7f6a4f0b7ca151306c8b86bee2ec7feaee009fa3221f14d761e210
      • Opcode Fuzzy Hash: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
      • Instruction Fuzzy Hash: 1A114C75300A059FEB08EF68EC84A6D77A5FB4429AB11052AFA06CB245D771E990CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
      • String ID:
      • API String ID: 2760534091-0
      • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
      • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
      • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
      • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,8834D961,?,8834D961,10008EF2), ref: 1000A71D
      • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,8834D961,?,8834D961,10008EF2), ref: 1000A740
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,8834D961), ref: 1000A76E
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 551958918-0
      • Opcode ID: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
      • Instruction ID: 0fa7d05f19d1acb58b9383a605f7864dac9a50907dca70db0252d2cb3e85a45c
      • Opcode Fuzzy Hash: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
      • Instruction Fuzzy Hash: 61514FB5A01259AFEB00DFA8C984B9EBBF5FF49750F108119E805E7345DB70AE41CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,8834D961,?,8834D961,?), ref: 1000CC39
      • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,8834D961,?,8834D961,?), ref: 1000CC5C
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,10010E09,000000FF,?,1000CA00,?,?,8834D961), ref: 1000CC8A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCCF
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCDC
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 551958918-0
      • Opcode ID: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
      • Instruction ID: c131282bc4579c986c972f2adb03389835f40558fee83756ef3b82deba687527
      • Opcode Fuzzy Hash: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
      • Instruction Fuzzy Hash: 88512CB5A01259EFEB04DFA8C994B9EBBF5FF48740F108169E805E7345DB70AA01CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,8834D961,00000000,?,00000000,00000000), ref: 1000D6E8
      • _CxxThrowException.MSVCR100 ref: 1000D6FE
        • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
        • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
        • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
      • memcpy.MSVCR100 ref: 1000D740
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
      • String ID:
      • API String ID: 1366379292-0
      • Opcode ID: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
      • Instruction ID: 6dedfff981291254d8f0f0f89a0f1b07b51f4c0be1b682e6e92bcdd5696b02d0
      • Opcode Fuzzy Hash: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
      • Instruction Fuzzy Hash: AB41BA75D04605AFDB04EF68C98069DB7F4FB042A0F50422AF91A97784E731E950CBB1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,8834D961,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?,?,10006CA5), ref: 1000C420
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(8834D961,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?), ref: 1000C403
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000C435
      • realloc.MSVCR100 ref: 1000C463
      • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000C472
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: D@std@@Incref@facet@locale@std@@Lockit@std@@$??0_??0bad_cast@std@@??1_??2@?tolower@?$ctype@Bid@locale@std@@Decref@facet@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV123@V42@@Vfacet@locale@2@Xmem@tr1@std@@reallocstd::locale::facet::_
      • String ID:
      • API String ID: 1657136341-0
      • Opcode ID: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
      • Instruction ID: 4099fa0d0876d1a195df608e329946193385f4c805ecebf18ba5ac7bf75522a8
      • Opcode Fuzzy Hash: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
      • Instruction Fuzzy Hash: F8315975600705EFE710CF59C890A6ABBF5FF88390F15856DE89A8B751D730E940CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02655CC0
        • Part of subcall function 026530DC: HeapFree.KERNEL32(?,00000000,?,?,?,02655CFD,?,00000000,02655C85,?,100120A0,026552D4), ref: 026530F9
      • HeapDestroy.KERNEL32(?,?,00000000,02655C85,?,100120A0,026552D4), ref: 02655D05
      • HeapCreate.KERNEL32(?,?,?,?,00000000,02655C85,?,100120A0,026552D4), ref: 02655D20
      • SetEvent.KERNEL32(?,?,00000000,02655C85,?,100120A0,026552D4), ref: 02655D9C
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02655DA3
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
      • String ID:
      • API String ID: 563679510-0
      • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction ID: cbd827fb0be3812cb7e00e2b2dd6199ab80f71337c50a832bc466a26561b12a2
      • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction Fuzzy Hash: 20312771200A16EFD709DB74C888B95F7A9FF48310F148659E92987260DB75F825CFD4
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??2@lstrlenmemset
      • String ID: BITS$SYSTEM\Setup
      • API String ID: 3680187532-3074452007
      • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
      • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
      • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
      • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 10002C1F
      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10002C35
      • TranslateMessage.USER32(?), ref: 10002C44
      • DispatchMessageA.USER32(?), ref: 10002C4A
      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002C58
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
      • String ID:
      • API String ID: 2015114452-0
      • Opcode ID: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
      • Instruction ID: b75dc0117a11b7c765e1435c40dcdf28a4bdf489932a1a838a762226f6e0879c
      • Opcode Fuzzy Hash: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
      • Instruction Fuzzy Hash: 4901A971A40319B6F614D7948C82FAF736CEB05B90F104511FF00EB0D5D6B4E95187B4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave
      • String ID:
      • API String ID: 3168844106-0
      • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
      • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
      • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
      • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
      • CancelIo.KERNEL32(?), ref: 10002E26
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
      • closesocket.WS2_32(?), ref: 10002E39
      • SetEvent.KERNEL32(00000001), ref: 10002E43
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction ID: 709f11b2dc8ccf699aafbe62f7b0534b760bdc3690ddac9162a5b626801ec8b5
      • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction Fuzzy Hash: CBF03CB5100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9697690C6B4F914CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02654A68
      • CancelIo.KERNEL32(?), ref: 02654A72
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02654A7B
      • closesocket.WS2_32(?), ref: 02654A85
      • SetEvent.KERNEL32(00000001), ref: 02654A8F
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction ID: a07e52258182953ebf3603135f026879d0a9336af2962c20ba259c89485607e8
      • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction Fuzzy Hash: 76F03CB6100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9297690CAB4F514CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,?,1000DE2D,?), ref: 10006383
      • memmove.MSVCR100 ref: 100063AF
      • ??3@YAXPAX@Z.MSVCR100 ref: 100063C7
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@Xlength_error@std@@memmove
      • String ID: vector<T> too long
      • API String ID: 1993728168-3788999226
      • Opcode ID: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
      • Instruction ID: 666fb908681a4cb4fcb84fde5cab495aadc7bf52184e8f2216cd687e136a9d11
      • Opcode Fuzzy Hash: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
      • Instruction Fuzzy Hash: 2401D4B16002059FE718CF68CCD982AB7E9EB18240724462DE847C3344E730F950CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: memcpy
      • String ID:
      • API String ID: 3510742995-0
      • Opcode ID: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
      • Instruction ID: 61b773e0558493be9a29dabd4f951307aa74c3da6f26a6b18387d70fbbbfb126
      • Opcode Fuzzy Hash: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
      • Instruction Fuzzy Hash: E2613B75A01606EFEB48CF69C580AD9B7E5FF48390F50866EE85AC7744EB70E944CB80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetProcessHeap.KERNEL32(00000000,?,00000000,02657D76), ref: 02657EFA
      • HeapFree.KERNEL32(00000000), ref: 02657F01
      • VirtualFree.KERNEL32(?,00000000,00008000,02657D76), ref: 02657F17
      • GetProcessHeap.KERNEL32(00000000,00000000,02657D76), ref: 02657F20
      • HeapFree.KERNEL32(00000000), ref: 02657F27
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: Heap$Free$Process$Virtual
      • String ID:
      • API String ID: 1594822054-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 7fa009aaef3206780602512a090a6bf4cf3332de3bb3b2875651581036143ce8
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: D8112E71600721EFE732CF65CC88F16B3E9AB49715F108918E55A9B6A0C774F841CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,0265F6CB), ref: 02660D3F
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,0265F6CB), ref: 02660DDE
        • Part of subcall function 026531AC: RtlDeleteCriticalSection.NTDLL(00000000), ref: 026531CD
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02660F6C
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,0265F6CB), ref: 02660F72
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
      • String ID:
      • API String ID: 106064292-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: fe2c753a15908be9d2d1ee005371cc775ab84fba12d26f810ca1135381add890
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: E681C6B0A01A56BFE314DF7AC984796FBA8FB09344F50822EE52C87640D775A964CFD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,8834D961,00000000,00000000,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
        • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
      • String ID:
      • API String ID: 2358051495-0
      • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
      • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A40D
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A457
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A4A7
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A4EE
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,8834D961,00000000,00000000,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
        • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
      • String ID:
      • API String ID: 2358051495-0
      • Opcode ID: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
      • Instruction ID: 064e6777206eaa59b6d0f19c807af86857d994d2322ab606cc61307b9a3a3038
      • Opcode Fuzzy Hash: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
      • Instruction Fuzzy Hash: CC616274E002899FEF04DFA8C8947DDBBB1FF4A394F108269E815AB345D770A985CB51
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction ID: fbdee4184f57a71d2c53c52e8d880eef604c423e6c2d4f4952b64ef6ad69bd47
      • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction Fuzzy Hash: 39318FB1600210AFE721DF68CC81F7AB7E9EB88714F144559FE08CB381E7B1E8008BA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0265F996
      • Thread32First.KERNEL32(00000000,?), ref: 0265F9AD
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 0265FA8E
      • CloseHandle.KERNEL32(00000000), ref: 0265FA9D
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0265FB09
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0265FB26
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0265FBE5
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0265FC24
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0265FC63
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0265FCA2
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0265FCE1
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0265FD20
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0265FD5F
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0265FD9E
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0265FDDD
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0265FE1C
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0265FE5B
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0265FE9A
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0265FED9
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0265FF29
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0265FF3D
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0265FF6B
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0265FF88
      • CloseHandle.KERNEL32(?), ref: 0265FFA6
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0265FFC1
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
      • String ID:
      • API String ID: 1747700738-0
      • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction ID: d0dcebcda36a95681ec20239e6beace5b1b832c9069f83f44891cb234cb04a69
      • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction Fuzzy Hash: A8319371A00215DFDB18CF75D884AAEB7F6FB49614F108A2EF816D7790E770A900CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM ref: 0265609A
      • InterlockedExchange.KERNEL32(?,00000000), ref: 026560A9
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 026560F7
        • Part of subcall function 02655BAC: GetCurrentThreadId.KERNEL32 ref: 02655BB1
        • Part of subcall function 02655BAC: send.WS2_32(?,1001242C,00000010,00000000), ref: 02655C12
        • Part of subcall function 02655BAC: SetEvent.KERNEL32(?), ref: 02655C35
        • Part of subcall function 02655BAC: InterlockedExchange.KERNEL32(?,00000000), ref: 02655C41
        • Part of subcall function 02655BAC: WSACloseEvent.WS2_32(?), ref: 02655C4F
        • Part of subcall function 02655BAC: shutdown.WS2_32(?,00000001), ref: 02655C67
        • Part of subcall function 02655BAC: closesocket.WS2_32(?), ref: 02655C71
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 4080316033-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: 9ed1aa25eb109fcd16c12936e86b52ad5dc7647f3994c4eb67dc7e58df6c67f7
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: B3316FB6600714ABD230EF69DC84B9BB7E8FF89711F004A1EF98AC7650D671E404CBA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(8834D961,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(6CFC0A41,8834D961,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
      • realloc.MSVCR100 ref: 1000ADA8
      • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
      • String ID:
      • API String ID: 614970593-0
      • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
      • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(8834D961,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7BA
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(0000005E,8834D961,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7D5
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C80F
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,?,1000BED7,?,10012890,00000000,0000005E,?,?,?), ref: 1000C82A
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,8834D961,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,8834D961,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 2639648381-0
      • Opcode ID: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
      • Instruction ID: 0dae501bc556696bb7c4d7e10b9c2053542ed37b5a19796234fa89d0372f365e
      • Opcode Fuzzy Hash: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
      • Instruction Fuzzy Hash: 773141B560160AAFEB04DF64C894B6EB7B5FF49750F00C25DE92997394DB34E900CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 100011E9
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
      • memcpy.MSVCR100 ref: 10001243
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001256
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
      • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F), ref: 100043EC
        • Part of subcall function 100012C0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 100012EB
        • Part of subcall function 10001280: memcpy.MSVCR100 ref: 100012A1
        • Part of subcall function 100041E0: EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CF0017C,10004C5B,?), ref: 100041E8
        • Part of subcall function 100041E0: LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
        • Part of subcall function 10004A70: HeapFree.KERNEL32(?,00000000,?,00000000,10004C5B,?,100042C8,10004C5B,00000000,?,6CF0017C,10004C5B,?), ref: 10004A97
      • SetLastError.KERNEL32(00000000,?), ref: 100043D7
      • SetLastError.KERNEL32(00000057), ref: 10004401
      • WSAGetLastError.WS2_32(?), ref: 10004410
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeavememcpy
      • String ID:
      • API String ID: 993608311-0
      • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction ID: c83054a75a0c69128b26031afe2b7a8ad0b6ec7a765fcb7c10a623894899581c
      • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction Fuzzy Hash: 44110676A0512C9BEB00DF69E8846DEB7E8EF882B2B4141B6FC0CD3205DB31DD1186D4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F), ref: 02656038
        • Part of subcall function 02652F0C: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 02652F37
        • Part of subcall function 02655E2C: RtlEnterCriticalSection.NTDLL(02656A07), ref: 02655E34
        • Part of subcall function 02655E2C: RtlLeaveCriticalSection.NTDLL(02656A07), ref: 02655E42
        • Part of subcall function 026566BC: HeapFree.KERNEL32(?,00000000,?,00000000,026568A7,?,02655F14,026568A7,00000000,?,100122A8,026568A7,?), ref: 026566E3
      • SetLastError.KERNEL32(00000000,?), ref: 02656023
      • SetLastError.KERNEL32(00000057), ref: 0265604D
      • WSAGetLastError.WS2_32(?), ref: 0265605C
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
      • String ID:
      • API String ID: 2160363220-0
      • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction ID: c66a2f839c5e00987b45134269358491f2257256cd4711799c5884300cf50776
      • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction Fuzzy Hash: 2211A773A011389BDB10EF69E88469EB7A9EF88222F4441AAEC0CD3200D7359D11C6D1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 1000112F
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
      • memcpy.MSVCR100 ref: 1000117C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
      • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAEventSelect.WS2_32(10003ABB,00000001,00000023), ref: 10003C02
      • WSAGetLastError.WS2_32 ref: 10003C0D
      • send.WS2_32(00000001,00000000,00000000,00000000), ref: 10003C58
      • WSAGetLastError.WS2_32 ref: 10003C63
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ErrorLast$EventSelectsend
      • String ID:
      • API String ID: 259408233-0
      • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction ID: 1e34e906bf1f561d7e2ad43756d4eb31c95bef378edec9e2eb53c750d2609e08
      • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction Fuzzy Hash: E7113AB6600B509BE320CB79D8C8A47B7E9FB88750F018A2DF9A6C3695D735E9008B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAEventSelect.WS2_32(02655707,00000001,00000023), ref: 0265584E
      • WSAGetLastError.WS2_32 ref: 02655859
      • send.WS2_32(00000001,00000000,00000000,00000000), ref: 026558A4
      • WSAGetLastError.WS2_32 ref: 026558AF
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: ErrorLast$EventSelectsend
      • String ID:
      • API String ID: 259408233-0
      • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction ID: 7419d13f582a73dfc844ca9436356ca0aab7006495940e3efc3b4f3071a5d316
      • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction Fuzzy Hash: 12112EB16107205BE3209F79C8C8A57B6EAFB88710F504A1DE967C7790D779F5108B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,8834D961,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,8834D961,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
      • String ID:
      • API String ID: 3901553425-0
      • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
      • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CF0017C,10004C5B,?), ref: 100041E8
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
      • SetEvent.KERNEL32(207E8915), ref: 10004272
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(02656A07), ref: 02655E34
      • RtlLeaveCriticalSection.NTDLL(02656A07), ref: 02655E42
      • RtlLeaveCriticalSection.NTDLL(02656A07), ref: 02655EA3
      • SetEvent.KERNEL32(207E8915), ref: 02655EBE
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 4a39e48154a86186eded48c6a5699b5a5c9a34e28e4d1146484c589fb7d5d6f0
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 7D11B0B0600B00AFD725CF75C988A92BBE5BF58305F54C82DE95A87211EB30E811CB80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
      • InterlockedIncrement.KERNEL32(?), ref: 100049A4
      • InterlockedIncrement.KERNEL32(?), ref: 100049B1
      • timeGetTime.WINMM(?,00000001,?,10003C4F,?,?,00000001), ref: 100049C8
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: IncrementInterlockedTimetime
      • String ID:
      • API String ID: 159728177-0
      • Opcode ID: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
      • Opcode Fuzzy Hash: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CloseSleep
      • String ID:
      • API String ID: 2834455192-0
      • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction ID: 40e2d4bb6971c59b330afc6df19c923995e5ccb5cf396e3b85b6e5e8b4ea58bd
      • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction Fuzzy Hash: 190181B1504321FBE214ABA4CC89F7BBBACFB49304F008918FB45D61A1D770E921CB66
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
      • free.MSVCR100(?), ref: 100036DC
      • malloc.MSVCR100 ref: 10003718
      • memset.MSVCR100 ref: 10003727
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CreateTimerWaitablefreemallocmemset
      • String ID:
      • API String ID: 3069344516-0
      • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
      • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
      • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
      • free.MSVCR100(?), ref: 1000EEB5
      • HeapDestroy.KERNEL32(?), ref: 1000EEE3
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Heap$Destroyfree$CreateFree
      • String ID:
      • API String ID: 3907340440-0
      • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
      • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
      • _beginthreadex.MSVCR100 ref: 1000F46F
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
      • CloseHandle.KERNEL32(?), ref: 1000F48A
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
      • String ID:
      • API String ID: 92035984-0
      • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
      • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
      • memcpy.MSVCR100 ref: 1000D514
        • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: string too long
      • API String ID: 4248180022-2556327735
      • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
      • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
      • memcpy.MSVCR100 ref: 1000D8B2
        • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
      • String ID: string too long
      • API String ID: 433638341-2556327735
      • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
      • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,8834D961,15555555,?,?,?,00000000), ref: 10008C1D
      • ??3@YAXPAX@Z.MSVCR100 ref: 10008C78
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: ??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2313657577-3788999226
      • Opcode ID: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
      • Instruction ID: fb7adf7a1d09ac6a26db31f93637622f031e953306e888bd675b0b75f72f74ca
      • Opcode Fuzzy Hash: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
      • Instruction Fuzzy Hash: A4218EB6A00606AFD704DF5CC980E9AB7F4FB88350F518629E9159B384DB30AA14CBD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • Part of subcall function 1000D7C0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1000D897,00000000,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D7CA
      • memcpy.MSVCR100 ref: 1000D433
      Strings
      • invalid string position, xrefs: 1000D3D2
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: invalid string position
      • API String ID: 4248180022-1799206989
      • Opcode ID: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
      • Instruction ID: 52917fc2c828b592c0c48c691309feb71193cfbfd6d654fc01bcf82dc82b710e
      • Opcode Fuzzy Hash: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
      • Instruction Fuzzy Hash: B311CE363002119BE714EE6CE8C0AADB7A6FB942A0B54022FF545CB645D771F994C7F1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • gethostname.WS2_32(?,00000100), ref: 02658184
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 144339138-2058306683
      • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction ID: 08cd813537a1ef396d94ed0e0459ac8837e33239ec333dca5900ece535a30713
      • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction Fuzzy Hash: AC11CBB0A412259BE715DF24CC91B6D77B9EF49300F0081A5EB08A7390D770EA96CF59
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,8834D961), ref: 1000D2C8
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xlength_error@std@@
      • String ID: string too long
      • API String ID: 1004598685-2556327735
      • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
      • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,?,1000D3F8,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D34F
      • memmove.MSVCR100 ref: 1000D386
      Strings
      • invalid string position, xrefs: 1000D34A
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: Xout_of_range@std@@memmove
      • String ID: invalid string position
      • API String ID: 1894236298-1799206989
      • Opcode ID: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
      • Instruction ID: 7c4033c306467bb4ef33dfaef203c6491ed6da220de6590d554043c3ccb312a9
      • Opcode Fuzzy Hash: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
      • Instruction Fuzzy Hash: 8F0171B13046008BE721DA6CEC8861EB7E6EBC1680B254A1DE182C764DD671DD828762
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 10005B4A
      • RegCloseKey.ADVAPI32(?), ref: 10005B54
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: dcad731e8835d6dae927973394ebae374a698fdf24b40fc78b981aaf5b05d5c2
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: A3E0C2B4600254FFE315CF648C9DFBA7B6ADB89301F108380FD459B244CA32DA15C790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 10005B9A
      • RegCloseKey.ADVAPI32(?), ref: 10005BA4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: BITS
      • API String ID: 3132538880-1135043067
      • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction ID: 335dbc8b6873fe5d047cc230d3b8783f13d6a85026f1eab1c6dcc6bab130e0b3
      • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction Fuzzy Hash: FDE0C2B4600254FFE311CB648C9DFBB7B6ADB89302F108280FC459B255CA32DA11CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 02657796
      • RegCloseKey.ADVAPI32(?), ref: 026577A0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: d2bf95cc1d3e85d4a8a6820bae9a138ce4fee722612ea0f0cb80ad225d499e70
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: B0E0C2B4600224FFE726CF649C9CFBA7B2ADB89301F108280FD459B250CA31CA15CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 026577E6
      • RegCloseKey.ADVAPI32(?), ref: 026577F0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1723875147.0000000002650000.00000040.00000020.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2650000_sample.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: BITS
      • API String ID: 3132538880-1135043067
      • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction ID: 6cf3ae4129227bd369f098ef8c829d76b06cb7625edf3a0b71223229ce1dae22
      • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction Fuzzy Hash: 68E0CDB4600214FFD711CB509C9DFB67B6ADB89701F108280FC4597251CA31CA10C750
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
      • memset.MSVCR100 ref: 10005D11
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
      • memcpy.MSVCR100 ref: 10005D39
      Memory Dump Source
      • Source File: 00000000.00000002.1723982298.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000000.00000002.1723970765.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1723996344.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724010118.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000000.00000002.1724021455.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_10000000_sample.jbxd
      Similarity
      • API ID: AllocVirtual$memcpymemset
      • String ID:
      • API String ID: 2542864682-0
      • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
      • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Execution Graph

      Execution Coverage:5.5%
      Dynamic/Decrypted Code Coverage:94.1%
      Signature Coverage:4.8%
      Total number of Nodes:1367
      Total number of Limit Nodes:16
14949->14950 14951 1000d4a8 14949->14951 14953 1000d3c0 13 API calls 14950->14953 14954 1000d3c0 13 API calls 14951->14954 14952->14849 14955 1000d4a2 14953->14955 14956 1000d4b5 14954->14956 14955->14849 14956->14849 14958 10006842 InternetOpenUrlA 14957->14958 14959 10006818 14957->14959 14961 10006860 InternetCloseHandle 14958->14961 14962 1000687c InternetReadFile 14958->14962 15062 10007900 14959->15062 14961->14959 14964 100068b6 14962->14964 14971 100068ed 14962->14971 14964->14971 15075 1000d810 14964->15075 14966 10006949 14967 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 14966->14967 14969 10006961 14967->14969 14969->14852 14970 100068d3 InternetReadFile 14970->14964 14970->14971 14972 10006922 InternetCloseHandle InternetCloseHandle 14971->14972 14973 10006947 14972->14973 14974 10006937 ??3@YAXPAX 14972->14974 14973->14966 14974->14973 14976 10008327 14975->14976 14977 1000831a 14975->14977 14976->14977 14978 10008335 strchr 14976->14978 14977->14856 14978->14977 14980 10007d03 14979->14980 15106 100084b0 14980->15106 14983 10007d64 15121 100086b0 14983->15121 14984 10007d59 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 14984->14983 14987 10006cbd 14988 10007b50 14987->14988 14989 10007b91 14988->14989 14999 10007b8a 14988->14999 15657 10007e30 14989->15657 14991 10007bb9 15660 100081d0 14991->15660 14992 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 14994 10006d92 14992->14994 14994->14861 15005 10007770 14994->15005 14996 10007c5a 14997 10007c85 ?_Decref@facet@locale@std@@QAEPAV123 14996->14997 14996->14999 14997->14999 14999->14992 15000 10007c4b 15001 100081d0 92 API calls 15000->15001 15001->14996 15002 100081d0 92 API calls 15003 10007c04 15002->15003 15003->14996 15003->15000 15003->15002 15004 10007ef0 76 API calls 15003->15004 15004->15003 15863 100077e0 15005->15863 15008 1000d3c0 15009 1000d3d2 
?_Xout_of_range@std@@YAXPBD 15008->15009 15010 1000d3dd 15008->15010 15009->15010 15011 1000d409 15010->15011 15012 1000d3eb 15010->15012 15013 1000d7c0 9 API calls 15011->15013 15875 1000d340 15012->15875 15018 1000d410 15013->15018 15016 1000d340 2 API calls 15017 1000d401 15016->15017 15017->14868 15019 1000d42e memcpy 15018->15019 15020 1000d444 15018->15020 15019->15020 15020->14868 15022 100065c8 ??2@YAPAXI 15021->15022 15023 100065d7 15021->15023 15022->15023 15024 1000f5f0 22 API calls 15023->15024 15025 100065f9 lstrlenA 15024->15025 15026 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 15025->15026 15027 1000660d 15026->15027 15027->14890 15027->14891 15029 1000f6a8 15028->15029 15040 1000f699 15028->15040 15031 1000f709 RegQueryValueExA 15029->15031 15032 1000f79e RegQueryValueExA 15029->15032 15033 1000f6bf RegQueryValueExA 15029->15033 15034 1000f7df RegQueryValueExA 15029->15034 15029->15040 15037 1000f740 15031->15037 15031->15040 15038 1000f7d1 wsprintfA 15032->15038 15032->15040 15036 1000f6f6 lstrcpyA 15033->15036 15033->15040 15034->15038 15034->15040 15035 1000f838 15039 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 15035->15039 15036->15040 15043 1000f755 strncat strncat strchr 15037->15043 15044 1000f78b lstrcpyA 15037->15044 15038->15040 15042 10006522 lstrlenA 15039->15042 15045 1000f85a RegCloseKey RegCloseKey 15040->15045 15042->14937 15042->14938 15043->15037 15044->15040 15045->15035 15047 1000d68b 15046->15047 15048 1000d6c7 ??2@YAPAXI 15047->15048 15049 1000d6da ??0exception@std@@QAE@ABQBD _CxxThrowException 15047->15049 15055 1000d6d5 15047->15055 15048->15049 15048->15055 15057 1000d600 15049->15057 15051 1000d748 15052 1000d75a 15051->15052 15053 1000d74e ??3@YAXPAX 15051->15053 15052->14945 15053->15052 15055->15051 15056 1000d73a memcpy 15055->15056 15056->15051 15058 1000d648 15057->15058 15059 1000d60c 
15057->15059 15058->14945 15060 1000d611 ??2@YAPAXI 15059->15060 15061 1000d61f ??0exception@std@@QAE@ABQBD _CxxThrowException 15059->15061 15060->15058 15060->15061 15061->15058 15063 10007940 15062->15063 15064 100079b4 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12 15063->15064 15072 100079bc 15063->15072 15064->15072 15066 10007a2c ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J 15067 100079d7 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N ?uncaught_exception@std@ 15066->15067 15068 10007a4b 15066->15068 15069 10007a97 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 15067->15069 15070 10006830 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z 15067->15070 15068->15067 15074 10007af3 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD 15068->15074 15069->15070 15070->14966 15071 10007a22 15071->15066 15071->15067 15072->15066 15072->15067 15072->15071 15073 100079ff ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD 15072->15073 15073->15071 15073->15072 15074->15067 15074->15068 15076 1000d81e 15075->15076 15077 1000d86f 15075->15077 15076->15077 15082 1000d840 15076->15082 15078 1000d88a 15077->15078 15079 1000d87f ?_Xlength_error@std@@YAXPBD 15077->15079 15089 1000d8c3 15078->15089 15100 1000d7c0 15078->15100 15079->15078 15081 1000d897 15086 1000d8a7 memcpy 15081->15086 15081->15089 15083 1000d845 15082->15083 15084 1000d85a 15082->15084 15091 1000d550 15083->15091 15085 1000d550 12 API calls 15084->15085 15088 1000d869 15085->15088 15086->15089 15088->14970 15089->14970 15092 1000d564 ?_Xout_of_range@std@@YAXPBD 15091->15092 15093 1000d56f 15091->15093 15092->15093 15094 1000d583 ?_Xlength_error@std@@YAXPBD 15093->15094 15095 1000d58e 15093->15095 15094->15095 15096 1000d7c0 9 API calls 15095->15096 15099 1000d5d7 15095->15099 15097 1000d59d 15096->15097 15098 1000d5bb memcpy 15097->15098 15097->15099 15098->15099 15099->14970 15101 1000d7d0 15100->15101 15102 1000d7c5 
?_Xlength_error@std@@YAXPBD 15100->15102 15103 1000d7eb 15101->15103 15104 1000d650 8 API calls 15101->15104 15102->15101 15103->15081 15105 1000d7e2 15104->15105 15105->15081 15125 10009610 15106->15125 15109 100084ee 15147 10009ab0 ??2@YAPAXI 15109->15147 15110 10007d4f 15110->14983 15110->14984 15114 100086b0 ??2@YAPAXI 15114->15109 15115 10008310 strchr 15119 100084fb 15115->15119 15116 10009610 142 API calls 15116->15119 15117 10008560 ??2@YAPAXI 15117->15119 15118 10008658 ??2@YAPAXI 15118->15119 15119->15110 15119->15115 15119->15116 15119->15117 15119->15118 15120 100085d3 ??2@YAPAXI 15119->15120 15120->15119 15122 100086c0 ??2@YAPAXI 15121->15122 15124 10007d6a ??2@YAPAXI 15122->15124 15124->14987 15126 100084d0 15125->15126 15144 10009623 15125->15144 15126->15109 15126->15110 15145 10009a50 ??2@YAPAXI 15126->15145 15127 10009666 ??2@YAPAXI 15127->15144 15128 10009651 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15128->15144 15131 10008310 strchr 15131->15144 15134 100099f5 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15134->15144 15137 100095c0 strchr 15137->15144 15138 1000ac80 ??2@YAPAXI 15138->15144 15139 10009867 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15139->15144 15140 1000990f ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15140->15144 15141 100099bf ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15141->15144 15142 100099d2 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15142->15144 15144->15126 15144->15127 15144->15128 15144->15131 15144->15134 15144->15137 15144->15138 15144->15139 15144->15140 15144->15141 15144->15142 15151 1000a930 15144->15151 15173 1000a850 15144->15173 15187 1000a9e0 15144->15187 15212 1000aa90 15144->15212 15238 1000abc0 ??2@YAPAXI 15144->15238 15240 1000ac20 ??2@YAPAXI 15144->15240 15242 1000ace0 15144->15242 15146 100084e6 15145->15146 15146->15114 15148 10009ac6 ??2@YAPAXI 15147->15148 15150 10009b16 15148->15150 15150->15119 15152 1000a9b1 15151->15152 15153 1000a93c 
15151->15153 15266 1000b460 15152->15266 15260 1000ba60 15153->15260 15156 1000a9b8 15158 1000a963 15156->15158 15159 1000a9bc 15156->15159 15163 1000ace0 52 API calls 15158->15163 15161 1000a9d1 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15159->15161 15300 1000b160 15159->15300 15160 1000a951 15162 1000a95a 15160->15162 15168 1000a973 15160->15168 15166 1000a9dc 15161->15166 15162->15158 15162->15161 15165 1000a971 15163->15165 15165->15144 15166->15144 15167 1000a9a4 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15167->15144 15168->15167 15170 1000a999 15168->15170 15169 1000a9cd 15169->15161 15169->15166 15264 1000b7d0 ??2@YAPAXI 15170->15264 15174 1000b760 ??2@YAPAXI 15173->15174 15182 1000a85d 15174->15182 15175 1000a8ac 15176 1000a917 15175->15176 15179 1000a8d0 15175->15179 15180 1000a8c9 15175->15180 15423 1000b2a0 15176->15423 15177 10008310 strchr 15177->15175 15408 1000c3a0 15179->15408 15396 1000c2b0 15180->15396 15181 1000a91e 15181->15144 15182->15175 15182->15177 15185 10008310 strchr 15185->15176 15186 1000a8ce 15186->15185 15188 1000a9ee 15187->15188 15190 1000aa06 15187->15190 15189 1000a9f4 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15188->15189 15188->15190 15189->15144 15191 1000aa6d 15190->15191 15192 1000aa10 15190->15192 15193 1000aa26 15191->15193 15194 1000aa77 15191->15194 15195 100095c0 strchr 15192->15195 15577 1000b6b0 ??2@YAPAXI 15193->15577 15590 1000b610 15194->15590 15198 1000aa17 15195->15198 15201 100095c0 strchr 15198->15201 15202 1000aa21 15201->15202 15202->15193 15203 1000aa33 15202->15203 15204 1000aa47 15203->15204 15205 1000aa38 15203->15205 15207 1000aa5b ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15204->15207 15208 1000aa4c 15204->15208 15583 1000b730 15205->15583 15207->15144 15210 1000b730 143 API calls 15208->15210 15211 1000aa54 15210->15211 15211->15144 15214 1000aaab 15212->15214 15215 1000aaa6 15212->15215 15213 10008310 strchr 15217 1000ab88 15213->15217 15214->15213 15215->15214 
15216 1000abba 15215->15216 15218 100095c0 strchr 15215->15218 15216->15144 15219 1000abae 15217->15219 15222 1000ab97 15217->15222 15221 1000aad0 15218->15221 15220 1000b830 54 API calls 15219->15220 15220->15216 15223 1000ba60 strchr 15221->15223 15224 100095c0 strchr 15222->15224 15225 1000aade 15223->15225 15226 1000ab9e 15224->15226 15227 1000aaf0 15225->15227 15228 1000aae5 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15225->15228 15605 1000b830 15226->15605 15231 100095c0 strchr 15227->15231 15234 1000aafa 15227->15234 15228->15227 15232 1000ab05 15231->15232 15232->15234 15602 1000b140 15232->15602 15233 1000ab36 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15233->15214 15234->15214 15234->15233 15237 1000ab16 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15237->15234 15239 1000abd1 15238->15239 15239->15144 15241 1000ac31 15240->15241 15241->15144 15243 1000ad11 15242->15243 15245 1000ad1e 15243->15245 15612 1000b930 ??2@YAPAXI 15243->15612 15246 1000ad28 15245->15246 15247 1000ad7f 15245->15247 15248 1000ad6e ?tolower@?$ctype@D@std@@QBEDD 15246->15248 15614 10008b50 ?_Incref@facet@locale@std@ 15246->15614 15249 1000ad92 15247->15249 15615 10008730 15247->15615 15248->15249 15250 1000ada0 realloc 15249->15250 15251 1000adbd 15249->15251 15250->15251 15254 1000adb7 ?_Xmem@tr1@std@ 15250->15254 15251->15144 15254->15251 15255 1000ad3b 15256 1000d120 9 API calls 15255->15256 15257 1000ad49 15256->15257 15257->15248 15258 1000ad5a ?_Decref@facet@locale@std@@QAEPAV123 15257->15258 15258->15248 15259 1000ad64 15258->15259 15259->15248 15261 1000a94a 15260->15261 15263 1000ba7b 15260->15263 15261->15152 15261->15160 15262 10008310 strchr 15262->15263 15263->15261 15263->15262 15265 1000a9a2 15264->15265 15265->15144 15268 1000b475 15266->15268 15267 1000b521 15269 1000b576 15267->15269 15271 1000b530 15267->15271 15268->15267 15275 1000b47c 15268->15275 15270 1000b59d 15269->15270 15273 1000b582 15269->15273 15272 1000b5c4 15270->15272 15277 
1000b5a9 15270->15277 15316 100095c0 15271->15316 15278 1000b604 15272->15278 15284 1000ba60 strchr 15272->15284 15280 100095c0 strchr 15273->15280 15279 10008310 strchr 15275->15279 15283 100095c0 strchr 15277->15283 15331 1000bcc0 15278->15331 15299 1000b51c 15279->15299 15285 1000b589 15280->15285 15288 1000b5b0 15283->15288 15289 1000b5da 15284->15289 15290 1000ba60 strchr 15285->15290 15286 1000b549 15293 1000b54d ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15286->15293 15296 1000b554 15286->15296 15287 1000b60b 15287->15156 15294 1000ba60 strchr 15288->15294 15289->15278 15295 1000b597 15289->15295 15290->15295 15291 1000b5f8 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15292 1000b5ff 15291->15292 15292->15156 15293->15296 15294->15295 15297 1000b5e6 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15295->15297 15295->15299 15298 100095c0 strchr 15296->15298 15297->15299 15298->15299 15299->15291 15299->15292 15365 1000be90 15300->15365 15303 1000b1b0 15303->15169 15304 1000b1d4 15371 1000c6e0 15304->15371 15309 1000b1fa 15311 1000d120 9 API calls 15309->15311 15310 1000b223 15312 10008310 strchr 15310->15312 15313 1000b208 15311->15313 15314 1000b288 15312->15314 15313->15310 15315 1000b219 ?_Decref@facet@locale@std@@QAEPAV123 15313->15315 15314->15169 15315->15310 15319 100095cc 15316->15319 15317 10008310 strchr 15318 10009603 15317->15318 15320 10008800 15318->15320 15319->15317 15321 10008831 15320->15321 15322 1000889e 15320->15322 15323 1000886a 15321->15323 15342 10008b50 ?_Incref@facet@locale@std@ 15321->15342 15324 100088ab 15322->15324 15353 10008a00 15322->15353 15323->15286 15324->15286 15327 10008841 15343 1000d120 ??0_Lockit@std@@QAE@H ??Bid@locale@std@ 15327->15343 15329 1000884f 15329->15323 15330 10008860 ?_Decref@facet@locale@std@@QAEPAV123 15329->15330 15330->15323 15332 1000bcf0 15331->15332 15341 1000bd32 15331->15341 15332->15341 15364 10008b50 ?_Incref@facet@locale@std@ 15332->15364 15334 1000bd09 15336 1000d120 9 API 
calls 15334->15336 15335 1000be18 15335->15287 15338 1000bd17 15336->15338 15337 10008310 strchr 15339 1000be05 15337->15339 15340 1000bd28 ?_Decref@facet@locale@std@@QAEPAV123 15338->15340 15338->15341 15339->15287 15340->15341 15341->15335 15341->15337 15342->15327 15344 1000d178 15343->15344 15345 1000d193 15344->15345 15346 1000d188 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12 15344->15346 15347 1000d1f7 ??1_Lockit@std@@QAE 15345->15347 15348 1000d1ac ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@ 15345->15348 15346->15345 15347->15329 15349 1000d1db ?_Incref@facet@locale@std@ 15348->15349 15350 1000d1bf ??0bad_cast@std@@QAE@PBD _CxxThrowException 15348->15350 15361 1000fabc ??2@YAPAXI 15349->15361 15350->15349 15354 10008a5d 15353->15354 15355 10008a2a 15353->15355 15354->15324 15363 10008b50 ?_Incref@facet@locale@std@ 15355->15363 15357 10008a34 15358 1000d120 9 API calls 15357->15358 15359 10008a42 15358->15359 15359->15354 15360 10008a53 ?_Decref@facet@locale@std@@QAEPAV123 15359->15360 15360->15354 15362 1000d1f4 15361->15362 15362->15347 15363->15357 15364->15334 15366 1000b1a8 15365->15366 15367 1000bea3 15365->15367 15366->15303 15366->15304 15369 1000b760 ??2@YAPAXI 15366->15369 15367->15366 15377 1000c760 15367->15377 15370 1000b771 15369->15370 15370->15304 15373 1000c6f0 15371->15373 15372 10008800 12 API calls 15372->15373 15373->15372 15374 1000b1e1 15373->15374 15375 1000c707 ??2@YAPAXI 15373->15375 15374->15310 15376 10008b50 ?_Incref@facet@locale@std@ 15374->15376 15375->15373 15376->15309 15378 1000c791 15377->15378 15379 1000c7ce ?tolower@?$ctype@D@std@@QBEDD 15377->15379 15394 10008b50 ?_Incref@facet@locale@std@ 15378->15394 15380 1000c823 ?tolower@?$ctype@D@std@@QBEDD 15379->15380 15381 1000c7e6 15379->15381 15380->15367 15395 10008b50 ?_Incref@facet@locale@std@ 15381->15395 15383 1000c79b 15385 1000d120 9 API calls 15383->15385 15387 1000c7a9 15385->15387 15386 1000c7f0 15388 1000d120 9 API calls 15386->15388 15387->15379 15389 
1000c7ba ?_Decref@facet@locale@std@@QAEPAV123 15387->15389 15390 1000c7fe 15388->15390 15389->15379 15391 1000c7c4 15389->15391 15390->15380 15392 1000c80f ?_Decref@facet@locale@std@@QAEPAV123 15390->15392 15391->15379 15392->15380 15393 1000c819 15392->15393 15393->15380 15394->15383 15395->15386 15397 1000c2e1 15396->15397 15398 1000c337 15396->15398 15399 1000c327 ?tolower@?$ctype@D@std@@QBEDD 15397->15399 15447 10008b50 ?_Incref@facet@locale@std@ 15397->15447 15400 1000c340 ??2@YAPAXI 15398->15400 15401 1000c34f 15398->15401 15399->15398 15400->15401 15401->15186 15403 1000c2f4 15404 1000d120 9 API calls 15403->15404 15405 1000c302 15404->15405 15405->15399 15406 1000c313 ?_Decref@facet@locale@std@@QAEPAV123 15405->15406 15406->15399 15407 1000c31d 15406->15407 15407->15399 15409 1000c3d1 15408->15409 15410 1000c429 15408->15410 15412 1000c417 ?tolower@?$ctype@D@std@@QBEDD 15409->15412 15448 10008b50 ?_Incref@facet@locale@std@ 15409->15448 15411 1000c433 ??2@YAPAXI 15410->15411 15416 1000c442 15410->15416 15411->15416 15412->15410 15413 1000c45b realloc 15414 1000c478 15413->15414 15417 1000c472 ?_Xmem@tr1@std@ 15413->15417 15414->15186 15416->15413 15416->15414 15417->15414 15418 1000c3e4 15419 1000d120 9 API calls 15418->15419 15420 1000c3f2 15419->15420 15420->15412 15421 1000c403 ?_Decref@facet@locale@std@@QAEPAV123 15420->15421 15421->15412 15422 1000c40d 15421->15422 15422->15412 15449 1000bb30 15423->15449 15425 1000b2d9 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15430 1000b2b0 15425->15430 15426 1000b3f7 15426->15181 15427 1000c3a0 15 API calls 15427->15430 15428 10008310 strchr 15428->15430 15429 1000c2b0 13 API calls 15429->15430 15430->15425 15430->15426 15430->15427 15430->15428 15430->15429 15431 1000bb30 85 API calls 15430->15431 15432 1000b3fe 15430->15432 15434 1000b351 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15430->15434 15437 10008730 39 API calls 15430->15437 15438 1000b398 
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15430->15438 15479 1000bf40 15430->15479 15431->15430 15433 1000b425 15432->15433 15435 1000b419 15432->15435 15436 1000c3a0 15 API calls 15433->15436 15434->15430 15439 1000c2b0 13 API calls 15435->15439 15440 1000b423 15436->15440 15437->15430 15438->15430 15439->15440 15442 1000b445 15440->15442 15443 1000b439 15440->15443 15444 1000c3a0 15 API calls 15442->15444 15445 1000c2b0 13 API calls 15443->15445 15444->15426 15446 1000b43e 15445->15446 15446->15181 15447->15403 15448->15418 15450 1000bc01 15449->15450 15454 1000bb41 15449->15454 15451 1000bc95 15450->15451 15457 1000bc0a 15450->15457 15452 1000bcb8 15451->15452 15458 100095c0 strchr 15451->15458 15452->15430 15453 10008310 strchr 15456 1000bb81 15453->15456 15454->15453 15455 10008310 strchr 15459 1000bc4a 15455->15459 15460 1000bb96 15456->15460 15461 1000bb8b 15456->15461 15457->15455 15463 1000bcaf 15458->15463 15465 100095c0 strchr 15459->15465 15467 1000bc5c 15459->15467 15466 1000bbf1 15460->15466 15469 1000bbd4 15460->15469 15470 1000bbbb 15460->15470 15510 1000c620 15461->15510 15463->15430 15464 1000bb92 15464->15430 15468 1000bc75 15465->15468 15466->15430 15467->15430 15527 1000c4a0 15468->15527 15469->15466 15475 100095c0 strchr 15469->15475 15472 100095c0 strchr 15470->15472 15474 1000bbcb 15472->15474 15474->15430 15477 1000bbe8 15475->15477 15477->15430 15480 1000bf7b 15479->15480 15504 1000c035 15479->15504 15481 1000bfc4 ?tolower@?$ctype@D@std@@QBEDD 15480->15481 15575 10008b50 ?_Incref@facet@locale@std@ 15480->15575 15484 1000bfe1 15481->15484 15485 1000c01e ?tolower@?$ctype@D@std@@QBEDD 15481->15485 15483 1000c0b1 15486 1000c102 15483->15486 15508 1000c0c4 15483->15508 15576 10008b50 ?_Incref@facet@locale@std@ 15484->15576 15485->15504 15490 1000c109 ??2@YAPAXI 15486->15490 15491 1000c118 15486->15491 15487 1000bf8e 15489 1000d120 9 API calls 15487->15489 15494 1000bf9c 15489->15494 15490->15491 15495 1000c158 15491->15495 15496 
1000c134 realloc 15491->15496 15492 1000bfeb 15493 1000d120 9 API calls 15492->15493 15498 1000bff9 15493->15498 15501 1000bfb7 15494->15501 15502 1000bfad ?_Decref@facet@locale@std@@QAEPAV123 15494->15502 15500 1000c179 realloc 15495->15500 15509 1000c0ee 15495->15509 15496->15495 15497 1000c14f ?_Xmem@tr1@std@ 15496->15497 15497->15495 15498->15485 15505 1000c00a ?_Decref@facet@locale@std@@QAEPAV123 15498->15505 15499 1000c3a0 15 API calls 15499->15508 15506 1000c190 ?_Xmem@tr1@std@ 15500->15506 15500->15509 15501->15481 15502->15501 15503 1000c061 ??2@YAPAXI 15503->15504 15504->15483 15504->15503 15505->15485 15507 1000c014 15505->15507 15506->15509 15507->15485 15508->15499 15508->15509 15509->15430 15511 1000c682 15510->15511 15512 1000c62e 15510->15512 15513 1000c692 15511->15513 15515 1000b160 20 API calls 15511->15515 15512->15511 15514 1000c634 15512->15514 15516 1000ba60 strchr 15513->15516 15520 1000c696 15513->15520 15517 10008310 strchr 15514->15517 15515->15513 15518 1000c6ab 15516->15518 15519 1000c67b 15517->15519 15521 1000c6b2 15518->15521 15522 1000c6cb 15518->15522 15519->15464 15520->15464 15524 1000c6c4 15521->15524 15525 1000c6b9 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15521->15525 15523 1000b460 17 API calls 15522->15523 15526 1000c6d2 15523->15526 15524->15464 15525->15524 15526->15464 15528 1000c4ba 15527->15528 15529 1000c50e 15527->15529 15530 1000c508 15528->15530 15534 10008310 strchr 15528->15534 15531 1000c513 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15529->15531 15532 1000c524 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15529->15532 15530->15529 15533 1000c540 15530->15533 15552 1000c580 15531->15552 15532->15552 15535 1000c582 15533->15535 15536 1000c545 15533->15536 15534->15528 15538 1000c587 15535->15538 15543 1000c5a5 15535->15543 15537 1000be90 14 API calls 15536->15537 15540 1000c560 15537->15540 15541 1000c59a 15538->15541 15542 1000c58d ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 
15538->15542 15539 10008310 strchr 15544 1000bc7e 15539->15544 15545 1000c573 15540->15545 15546 1000c568 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15540->15546 15558 1000c9c0 15541->15558 15542->15552 15548 1000c5b0 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15543->15548 15549 1000c5bd 15543->15549 15543->15552 15553 1000a7f0 15544->15553 15551 1000c6e0 13 API calls 15545->15551 15546->15545 15548->15552 15569 1000cb20 15549->15569 15551->15552 15552->15539 15554 1000a7fe ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15553->15554 15557 1000a808 15553->15557 15554->15557 15555 10008310 strchr 15556 1000a848 15555->15556 15556->15430 15557->15555 15559 1000cb90 58 API calls 15558->15559 15563 1000ca00 15559->15563 15560 1000cb90 58 API calls 15560->15563 15561 1000ca77 ??3@YAXPAX 15561->15563 15562 1000ca91 ??2@YAPAXI 15562->15563 15563->15560 15563->15561 15563->15562 15564 1000caed 15563->15564 15565 1000cb00 15564->15565 15566 1000caf3 ??3@YAXPAX 15564->15566 15567 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 15565->15567 15566->15565 15568 1000cb17 15567->15568 15568->15552 15570 1000cb31 15569->15570 15571 1000cb4a ??2@YAPAXI 15569->15571 15570->15571 15572 1000cb5b 15570->15572 15571->15572 15573 1000cd10 realloc ?_Xmem@tr1@std@ 15572->15573 15574 1000cb81 15573->15574 15574->15552 15575->15487 15576->15492 15578 1000b6cd 15577->15578 15579 100084b0 144 API calls 15578->15579 15580 1000b715 15579->15580 15581 100086b0 ??2@YAPAXI 15580->15581 15582 1000aa2c 15581->15582 15582->15144 15598 1000c1c0 ??2@YAPAXI 15583->15598 15586 100084b0 145 API calls 15587 1000b74d 15586->15587 15588 100086b0 ??2@YAPAXI 15587->15588 15589 1000aa40 15588->15589 15589->15144 15591 1000b622 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15590->15591 15592 1000b62d ??2@YAPAXI 15590->15592 15591->15592 15593 1000b644 15592->15593 15594 100084b0 143 API calls 15593->15594 15595 1000b68f 
15594->15595 15596 100086b0 ??2@YAPAXI 15595->15596 15597 1000aa7c 15596->15597 15597->15144 15599 1000c1fc ??2@YAPAXI 15598->15599 15601 1000b744 15599->15601 15601->15586 15603 1000ba60 strchr 15602->15603 15604 1000ab12 15603->15604 15604->15234 15604->15237 15606 1000b858 ??2@YAPAXI 15605->15606 15607 1000b83d 15605->15607 15608 1000b871 ??2@YAPAXI 15606->15608 15607->15606 15609 1000ace0 52 API calls 15607->15609 15611 1000abaa 15608->15611 15609->15606 15611->15144 15613 1000b941 15612->15613 15613->15245 15614->15255 15616 1000875f 15615->15616 15620 10008793 15615->15620 15627 10008b50 ?_Incref@facet@locale@std@ 15616->15627 15618 10008769 15628 10009b60 ??0_Lockit@std@@QAE@H ??Bid@locale@std@ 15618->15628 15622 100087d9 15620->15622 15623 100087cf ??3@YAXPAX 15620->15623 15621 10008776 15621->15620 15624 10008789 ?_Decref@facet@locale@std@@QAEPAV123 15621->15624 15625 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 15622->15625 15623->15622 15624->15620 15626 100087f2 15625->15626 15626->15249 15627->15618 15629 10009bbb 15628->15629 15630 10009bcb ?_Getgloballocale@locale@std@@CAPAV_Locimp@12 15629->15630 15631 10009bd6 15629->15631 15630->15631 15632 10009c37 ??1_Lockit@std@@QAE 15631->15632 15633 10009bec 15631->15633 15639 10009c80 15631->15639 15632->15621 15633->15632 15636 10009c01 ??0bad_cast@std@@QAE@PBD _CxxThrowException 15637 10009c1d ?_Incref@facet@locale@std@ 15636->15637 15638 1000fabc std::locale::facet::_Facet_Register ??2@YAPAXI 15637->15638 15638->15633 15640 10009d81 15639->15640 15641 10009cc3 15639->15641 15642 1000fb3c __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 7 API calls 15640->15642 15641->15640 15643 10009ccb ??2@YAPAXI 15641->15643 15646 10009bf9 15642->15646 15644 10009ce2 15643->15644 15645 10009d4a 15643->15645 15653 1000d090 15644->15653 15648 10009d5a ??1_Locinfo@std@@QAE 15645->15648 15651 10009d69 15645->15651 

      Control-flow Graph

      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
      • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
      • CloseHandle.KERNEL32(00000000), ref: 1000DE51
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
      • API String ID: 1580616088-3994885262
      • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
      • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • GetModuleHandleW.KERNEL32(NTDLL,883AEF3E), ref: 100069D5
      • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
      • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
      • memset.MSVCR100 ref: 10006A10
      • memset.MSVCR100 ref: 10006A22
      • gethostname.WS2_32(?,00000100), ref: 10006A36
      • gethostbyname.WS2_32(?), ref: 10006A43
      • inet_ntoa.WS2_32 ref: 10006A5B
      • strcat_s.MSVCR100 ref: 10006A74
      • strcat_s.MSVCR100 ref: 10006A8A
      • inet_ntoa.WS2_32 ref: 10006AAA
      • strcat_s.MSVCR100 ref: 10006ABD
      • strcat_s.MSVCR100 ref: 10006AD7
      • inet_addr.WS2_32(?), ref: 10006AF5
      • wsprintfA.USER32 ref: 10006B2E
      • OutputDebugStringA.KERNEL32(?), ref: 10006B45
      • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
      • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
      • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
      • strncpy.MSVCR100 ref: 10006E6B
        • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
      • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
      • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
      • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
      • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
      • strncpy.MSVCR100 ref: 1000713E
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
      • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
      • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
      • RegQueryValueExA.ADVAPI32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
      • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
      • wsprintfA.USER32 ref: 10007204
      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
      • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
      • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
      • wsprintfA.USER32 ref: 100072AD
      • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
      • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
      • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
      • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
      • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
      • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
      • API String ID: 941699131-3408092411
      • Opcode ID: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
      • Instruction ID: 5937c9bef880f8db1bb605a9ff32026a22730c05f7b93559c92fa2109faa8b67
      • Opcode Fuzzy Hash: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
      • Instruction Fuzzy Hash: 446256B1D012699FEB25DF28CC84A9DB7B5FB48340F4185E9E54DA7242DB70AE84CF90
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
        • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
        • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • Part of subcall function 10005720: FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
      • API String ID: 2285828341-3151685581
      • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
      • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction. Basic blocks 1000e5c0-1000eb2b, entry 1000e5c0: OutputDebugStringA x2, GetCommandLineW, CommandLineToArgvW, memset. The block 1000e69d-1000e741 calls 1000de90 five times before SHGetFolderPathA, GetModuleFileNameA, sprintf_s and CopyFileA, and the graph ends either at 1000e915-1000e91d (CloseHandle, ExitProcess) or at 1000eb15-1000eb2b (call 1000fb3c). The executed/not-executed colouring of the image is not recoverable; the called APIs are listed below.)
      APIs
      • OutputDebugStringA.KERNEL32(dll run), ref: 1000E5EF
      • OutputDebugStringA.KERNEL32(dll run2), ref: 1000E5F6
      • GetCommandLineW.KERNEL32 ref: 1000E616
      • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
      • memset.MSVCR100 ref: 1000E63E
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
      • sprintf_s.MSVCR100 ref: 1000E714
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
      • SetFileAttributesA.KERNEL32(?,00000002), ref: 1000E742
      • CreateThread.KERNEL32(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
      • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
      • OutputDebugStringA.KERNEL32(dll run3), ref: 1000E796
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
      • GetNativeSystemInfo.KERNEL32(?), ref: 1000E7D1
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
      • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E815
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
      • sprintf_s.MSVCR100 ref: 1000E87B
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
      • OutputDebugStringA.KERNEL32(?), ref: 1000E8CE
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
      • CloseHandle.KERNEL32(00000000), ref: 1000E915
      • ExitProcess.KERNEL32 ref: 1000E91D
      • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
      • _wcsicmp.MSVCR100 ref: 1000E943
      • _wcsicmp.MSVCR100 ref: 1000E974
      • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
      • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
      • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
      • sprintf_s.MSVCR100 ref: 1000EA63
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
      • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
      • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
        • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
        • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • Part of subcall function 1000DC20: FindCloseChangeNotification.KERNEL32(?), ref: 1000DCD4
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
      • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
      • API String ID: 3194832325-3018988614
      • Opcode ID: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
      • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
      • Opcode Fuzzy Hash: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
      • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75A8EC10), ref: 1000E3B4
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75A8EC10), ref: 1000E3C8
      • sprintf_s.MSVCR100 ref: 1000E3EC
      • sprintf_s.MSVCR100 ref: 1000E406
      • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
      • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
      • RegCloseKey.ADVAPI32(?), ref: 1000E469
      • RegCloseKey.ADVAPI32(?), ref: 1000E482
      • OutputDebugStringA.KERNEL32(meiyou), ref: 1000E489
      • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
      • RegSetValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
      • RegCloseKey.ADVAPI32(?), ref: 1000E516
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
      • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
      • API String ID: 3385724880-3482547359
      • Opcode ID: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
      • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
      • Opcode Fuzzy Hash: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
      • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • ResetEvent.KERNEL32(?), ref: 10002E7C
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
      • timeGetTime.WINMM ref: 10002E8E
      • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
      • gethostbyname.WS2_32(?), ref: 10002EDF
      • htons.WS2_32(?), ref: 10002EF8
      • connect.WS2_32(?,?,00000010), ref: 10002F16
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
      • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
      • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
      • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
      • _beginthreadex.MSVCR100 ref: 10002FF6
      • _beginthreadex.MSVCR100 ref: 1000300B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 2079111011-3203441087
      • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
      • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
      • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
      • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction. Basic blocks 1000f5f0-1000f859, entry: memset x2, RegOpenKeyExA. The graph contains four RegQueryValueExA sites (1000f6bf, 1000f709, 1000f79e, 1000f7df) that are absent from the API list below, followed on their success paths by lstrcpyA, by a strncat/strncat/strchr loop at 1000f755-1000f789, or by wsprintfA at 1000f818; every path ends at 1000f82c with the subcall 1000f85a (RegCloseKey) and 1000fb3c. The function's strings are Host and %08X.)
      APIs
      • memset.MSVCR100 ref: 1000F659
      • memset.MSVCR100 ref: 1000F66C
      • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 1000F68F
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Closememset$Open
      • String ID: %08X$Host
      • API String ID: 4198983563-2867006347
      • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
      • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
      • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
      • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • wsprintfA.USER32 ref: 1000DA17
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
      • GetLastError.KERNEL32 ref: 1000DA38
      • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
      • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
      • exit.MSVCR100 ref: 1000DA55
      • GetTickCount.KERNEL32 ref: 1000DAA0
      • GetTickCount.KERNEL32 ref: 1000DABB
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
      • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
      • CloseHandle.KERNEL32(?), ref: 1000DBE8
      • CloseHandle.KERNEL32(?), ref: 1000DC0B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
      • String ID: %d:%d$206.238.220.90
      • API String ID: 3209965405-1077572718
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
      • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
      • InternetCloseHandle.WININET(00000000), ref: 10006861
      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
      • InternetCloseHandle.WININET(00000000), ref: 10006929
      • InternetCloseHandle.WININET(00000000), ref: 1000692C
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
      • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
      • API String ID: 3920785804-909499719
      • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
      • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
      • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
      • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction. Basic blocks 10005180-100052a5: RegCreateKeyA, RegQueryValueExA for BITS with a RegSetValueExA at 10005217 on one of the two following branches, RegQueryValueExA for Host with a RegSetValueExA at 1000526b on one branch, RegCloseKey at 10005284, then the subcall 1000fb3c at 10005291.)
      APIs
      • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
      • RegQueryValueExA.KERNEL32(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
      • RegQueryValueExA.KERNEL32(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
      • RegCloseKey.KERNEL32(?,?,?), ref: 1000528B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Value$Query$CloseCreate
      • String ID: BITS$Host$SYSTEM\Setup
      • API String ID: 2357964129-2174744495
      • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
      • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction. Basic blocks 10006480-1000654f: memset x2, an optional ??2@YAPAXI@Z allocation, call 1000f5f0 (the registry reader above) and lstrlenA at 1000650b-10006530, then either gethostname at 10006532 or lstrlenA and call 1000fb3c at 1000653e. The page's API list for this function is empty, so these calls are taken from the graph; with the strings Host and SYSTEM\Setup the shape is consistent with falling back to gethostname when the stored Host value is empty.)
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: lstrlenmemset$??2@gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 1496828540-2058306683
      • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
      • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction. Basic blocks 1000e530-1000e5bb: RegOpenKeyExA on the Run key at 1000e550, RegQueryValueExA for IsSystemUpgradeComponentRegistered, then either RegCloseKey and Sleep at 1000e588-1000e59e, or RegCloseKey followed by call 1000e390 and Sleep at 1000e5ab-1000e5bb; the RegOpenKeyExA block also branches straight to the 1000e390 path. Both Sleep blocks loop back to 1000e550, so this is the body of the thread started with CreateThread(1000E530) above: a watchdog that re-checks the Run value every 3000 ms and calls the writer at 1000e390 when the open or the query does not succeed.)
      APIs
      • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.KERNEL32(?), ref: 1000E58D
      • Sleep.KERNEL32(00000BB8), ref: 1000E598
      • RegCloseKey.KERNEL32(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
      • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
      • Opcode Fuzzy Hash: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
      • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
      Uniqueness

      Uniqueness Score: -1.00%
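Read together, the functions above give the sample's host footprint: the 1000E5C0 dropper copies its host executable (GetModuleFileNameA(NULL)) to %s\msiexec.exe or %s\msedge.exe under My Documents (CSIDL 5) and Program Files (CSIDL 0x26) and hides the copy (SetFileAttributesA 2); the writer at refs 1000E3B4-1000E516 prints the debug string "meiyou" (Chinese 没有, "not there") and registers the copy under HKLM\Software\Microsoft\Windows\CurrentVersion\Run as IsSystemUpgradeComponentRegistered, with `explorer "%s" ` among its strings; the 1000E530 thread re-checks that value every 3000 ms; 10005180 stores BITS and Host values under HKLM\SYSTEM\Setup; and the mutex/event function carries the address 206.238.220.90, to which the overview reports connections on many ports. The script below is an added example, not part of the report or of the sample: it runs those checks over a snapshot of registry values, file paths and connections. The snapshot embedded in it is constructed; that the Run value data follows the `explorer "%s" ` format string and that the Host value holds the hostname (the function at 10006480 falls back to gethostname) are both assumptions. On Windows, `--live` reads the two keys with winreg and probes the drop paths; connection data is left to netstat or an EDR.

```python
r"""Host triage for the artifacts this report documents.

Added example, not part of the sandbox report. Checks: the HKLM Run value the
watchdog thread re-creates every 3 s, the BITS and Host values under
HKLM\SYSTEM\Setup, msiexec.exe/msedge.exe copies outside their normal
directories, and connections to the hard-coded 206.238.220.90. Inputs are plain
dicts/lists so the logic runs offline; collect_live() (Windows only) fills the
registry and file inputs from the host."""
import os
import sys
from typing import Dict, List, Tuple

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "IsSystemUpgradeComponentRegistered"
SETUP_KEY = r"SYSTEM\Setup"
SETUP_VALUES = ("BITS", "Host")
C2_IP = "206.238.220.90"
DROP_NAMES = ("msiexec.exe", "msedge.exe")
MSIEXEC_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EDGE_DIR = "\\microsoft\\edge\\application\\"

Registry = Dict[str, Dict[str, str]]  # HKLM-relative key path -> {value name: data}


def check_registry(reg: Registry) -> List[str]:
    """Persistence value under Run plus the two non-standard values under SYSTEM\\Setup."""
    hits = []
    run = reg.get(RUN_KEY, {})
    if RUN_VALUE in run:
        hits.append(f"Run value {RUN_VALUE} = {run[RUN_VALUE]!r}")
    setup = reg.get(SETUP_KEY, {})
    hits += [f"SYSTEM\\Setup value {n} = {setup[n]!r}" for n in SETUP_VALUES if n in setup]
    return hits


def check_files(paths: List[str]) -> List[str]:
    """msiexec.exe belongs in System32/SysWOW64 and msedge.exe under Edge\\Application;
    the sample copies itself under those names into My Documents and Program Files."""
    hits = []
    for p in paths:
        low = p.lower().replace("/", "\\")
        name = low.rsplit("\\", 1)[-1]
        if name == "msiexec.exe" and not low.startswith(MSIEXEC_DIRS):
            hits.append(f"msiexec.exe outside the Windows directory: {p}")
        elif name == "msedge.exe" and EDGE_DIR not in low:
            hits.append(f"msedge.exe outside the Edge install directory: {p}")
    return hits


def check_connections(conns: List[Tuple[str, int]]) -> List[str]:
    """The C2 address is hard-coded and the report saw many ports on it, so match on IP alone."""
    return [f"connection to C2 {ip}:{port}" for ip, port in conns if ip == C2_IP]


def triage(snapshot: dict) -> List[str]:
    return (check_registry(snapshot.get("registry", {}))
            + check_files(snapshot.get("files", []))
            + check_connections(snapshot.get("connections", [])))


def collect_live() -> dict:
    """Windows-only: read the two keys and probe the drop locations (connections come from netstat/EDR)."""
    import winreg  # only available on Windows
    reg: Registry = {}
    for key in (RUN_KEY, SETUP_KEY):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(h, i)
                    except OSError:
                        break
                    values[name] = str(data)
                    i += 1
                reg[key] = values
        except OSError:
            pass
    roots = (os.path.join(os.path.expanduser("~"), "Documents"),
             os.environ.get("ProgramFiles", r"C:\Program Files"))
    files = [os.path.join(r, n) for r in roots for n in DROP_NAMES if os.path.exists(os.path.join(r, n))]
    return {"registry": reg, "files": files, "connections": []}


# Constructed snapshot (not from a real host) that exercises every check. The Run
# value data follows the writer's 'explorer "%s" ' format string and the Host data
# is assumed to be the hostname (gethostname fallback); both are assumptions.
SAMPLE_SNAPSHOT = {
    "registry": {
        RUN_KEY: {RUN_VALUE: r'explorer "C:\Users\alice\Documents\msiexec.exe" '},
        SETUP_KEY: {"SetupType": "0", "BITS": "0", "Host": "DESKTOP-ALICE"},
    },
    "files": [r"C:\Windows\System32\msiexec.exe", r"C:\Users\alice\Documents\msiexec.exe",
              r"C:\Program Files\msedge.exe"],
    "connections": [("203.0.113.5", 443), ("206.238.220.90", 8080)],
}

if __name__ == "__main__":
    snap = collect_live() if "--live" in sys.argv and sys.platform == "win32" else SAMPLE_SNAPSHOT
    for hit in triage(snap) or ["no indicators found"]:
        print(hit)
```

The value-name and path checks are deliberately independent of the data they find: the Run value name and the two SYSTEM\Setup value names are the stable part of this sample, while the data (the copied path, the hostname) varies per host. A clean msiexec.exe in System32 and an msedge.exe under an Edge\Application directory produce no hit, so the file check can run over a full process or file listing without flagging the legitimate binaries.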

      Control-flow Graph

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,883AEF3E,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
        • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
        • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,883AEF3E,?,74DF2F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
      • String ID:
      • API String ID: 2486110213-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      (rendered as an image; only its node list survived extraction: a single basic block 30007a0-3000801 calling 30006d0, 3000780 and LoadLibraryA. This function lies in the 03000000 region, which the Memory Dump Source below records as not backed by a PE image.)
      APIs
      • LoadLibraryA.KERNEL32(?,00000000,00000072), ref: 030007FC
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: A$b$d$i$o$y
      • API String ID: 1029625771-4132616007
      • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction ID: 37e778acffcc3297d9dfb89cea72c0f162463238323115e2f927bedb5e3e5022
      • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction Fuzzy Hash: 2AF0975444D3C1AEE302E768944579BBED61BE2644F48CC8CE4D80B283D2BA865CC7B3
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
      • _beginthreadex.MSVCR100 ref: 1000DCAB
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
      • FindCloseChangeNotification.KERNEL32(?), ref: 1000DCD4
      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
      • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseObjectSingleWait$??2@ChangeCreateEventFindHandleNotification_beginthreadex
      • String ID:
      • API String ID: 2957458102-0
      • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
      • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
      • Process32First.KERNEL32(00000000,00000128), ref: 10005754
      • _mbsicmp.MSVCR100 ref: 10005768
      • Process32Next.KERNEL32(00000000,?), ref: 1000577D
      • FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
      • String ID: 360Tray.exe
      • API String ID: 169230292-3639442380
      • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
      • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.KERNEL32(?), ref: 1000E58D
      • Sleep.KERNEL32(00000BB8), ref: 1000E598
      • RegCloseKey.KERNEL32(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
      • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
      • Opcode Fuzzy Hash: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
      • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: _errno$recvselect
      • String ID:
      • API String ID: 4102763267-0
      • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
      • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 030001C4
      • VirtualProtect.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0300024A
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Virtual$FreeProtect
      • String ID: $@
      • API String ID: 2581862158-1077428164
      • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction ID: 5e2756161ddac2554d92e62812527d869eb17daa52fd6b8183ed886d97074d42
      • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction Fuzzy Hash: E6314BB06053019FE754CF18C594BABB7E6BFC8708F44891CE9899B280D775EA45CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 100011E9
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
      • memcpy.MSVCR100 ref: 10001243
      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 10001256
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
      • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 1000112F
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
      • memcpy.MSVCR100 ref: 1000117C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
      • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Timememcpymemmovetime
      • String ID:
      • API String ID: 4274353191-0
      • Opcode ID: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
      • Instruction ID: afecd50a7c454d311ed32d302ad4081b02eea8efc9c71ac32c660e33d9f65598
      • Opcode Fuzzy Hash: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
      • Instruction Fuzzy Hash: 3F51AF767006029FE716CF69C8C0A9BB7A9FF48294B15C62CE9598B709DB31FC51CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 1000319B
      • InterlockedExchange.KERNEL32(?,00000001), ref: 100031B3
      • GetCurrentThreadId.KERNEL32 ref: 1000325F
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CurrentThread$ExchangeInterlocked
      • String ID:
      • API String ID: 4033114805-0
      • Opcode ID: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
      • Instruction ID: 92f6bba2800e62d8b85ec8c1807ef17e1ec769a13b423f36a60faff404f1ae5a
      • Opcode Fuzzy Hash: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
      • Instruction Fuzzy Hash: 87318C702006029FE719CF69C981A9BB7E8FF48784B10C52DE95ACB65AD731FC91CB90
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction ID: 2f235608856334dc190e252335ae64489360bc066da2970cfa29da8d71fed6fd
      • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction Fuzzy Hash: 4D41D4B63023006FF754DF68EC84BAB77E8EFC4226F144569FA05CA681EB71D8018761
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • send.WS2_32(?,?,00040000,00000000), ref: 100032C1
      • send.WS2_32(?,?,?,00000000), ref: 100032FE
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: send
      • String ID:
      • API String ID: 2809346765-0
      • Opcode ID: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
      • Instruction ID: 1deb385b20d9e394e8c28e3a722fddd06f86f9e1ae6173c74813b045a65b48b2
      • Opcode Fuzzy Hash: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
      • Instruction Fuzzy Hash: 4211E572B01304ABF751CA6ACCC1B4FB79CEB513E4F10C021EA09D7145D670EE519650
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • HeapCreate.KERNEL32(00000004,00000000,00000000,?,00000000,1000F180,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE1B
      • free.MSVCR100(?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE56
        • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
        • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CreateCriticalDeleteExceptionHeapSectionThrowfree
      • String ID:
      • API String ID: 3340481177-0
      • Opcode ID: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
      • Instruction ID: 575860950ea909c0a9de24c01ecb41454bad4fa3f9112aa4f70152feecff987d
      • Opcode Fuzzy Hash: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
      • Instruction Fuzzy Hash: 6C0160F0A00B449FD720CF2AC884647FAE8FB98740B104A1EE6DAC7A20D370A545CB51
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Sleep
      • String ID: f
      • API String ID: 3472027048-1993550816
      • Opcode ID: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
      • Instruction ID: c7e15cd3906b8e7a7d059bf332d29cd3d7d3b3c8f0e640a517aa160ad10b5107
      • Opcode Fuzzy Hash: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
      • Instruction Fuzzy Hash: 6AF09031604219ABE302CF95C8C4BAAF3BDFBA9395F118128E50947290C371AD96C7E1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
      • RegCloseKey.ADVAPI32(?), ref: 1000F870
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Close
      • String ID:
      • API String ID: 3535843008-0
      • Opcode ID: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
      • Instruction ID: 4fc03b5113f31ef1954081eaa79b0761770d9ff5f927f98be152c15ce724a811
      • Opcode Fuzzy Hash: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
      • Instruction Fuzzy Hash: B1C09B71D1513897CB14F754FC8495977755B8C300F11C1C5A104731548734FE51DF90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetEvent.KERNEL32(?,883AEF3E), ref: 1000F3F2
        • Part of subcall function 1000F560: OpenInputDesktop.USER32(00000000,00000000,000001FF), ref: 1000F5A3
        • Part of subcall function 1000F560: CloseDesktop.USER32(00000000), ref: 1000F5BB
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Desktop$CloseEventInputOpen
      • String ID:
      • API String ID: 319684186-0
      • Opcode ID: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
      • Instruction ID: 0b4f54108e71b58abfbf2b913fcca8459eb83f82172870ac95fb5b270e60f150
      • Opcode Fuzzy Hash: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
      • Instruction Fuzzy Hash: C4018C76A00218AFC700CF68CD80F9ABBF8FB4D660F00816AFA04D7750D731A9008BA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAStartup.WS2_32(00000202), ref: 1001116E
        • Part of subcall function 1000FC4B: __onexit.MSVCRT ref: 1000FC53
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Startup__onexit
      • String ID:
      • API String ID: 1034835647-0
      • Opcode ID: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
      • Instruction ID: 37bb70fb8f6ff2c505897149bc16272910b5e66b9ecbd68bd4162a41f6be33dc
      • Opcode Fuzzy Hash: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
      • Instruction Fuzzy Hash: 34E04F74A01208ABE704DBE5CD5799EB7A4EB0C240F50406DFA09DB351EA31FB549A96
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,00000000,00000000,00000000,?,030004FC,?,?,00000000,?,?,?), ref: 03000121
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
      • Instruction ID: 0a63f1ccc311c5a7d64d684055cffb342b8d6db1bf53be3bc7ed89d29c112038
      • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
      • Instruction Fuzzy Hash: D32149B1600201AFE314CF18DC85B9AF3E9FF88305F14886DF9858B281D7B1A895CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetVersionExW.KERNEL32(?), ref: 006C6434
      • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 006C6456
      • NtQueryInformationProcess.NTDLL ref: 006C645D
      • GetCommandLineW.KERNEL32 ref: 006C649F
      • GetStdHandle.KERNEL32(000000F5), ref: 006C64F3
      • GetFileType.KERNEL32(00000000), ref: 006C6504
      • memset.MSVCRT ref: 006C652B
      • memset.MSVCRT ref: 006C653D
      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 006C661D
      • RegCloseKey.ADVAPI32(?,?), ref: 006C6649
      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 006C6672
      • RegCloseKey.ADVAPI32(?), ref: 006C667E
      • CompareStringW.KERNEL32(00000409,?,00000002,?,006C1994,000000FF), ref: 006C68CA
      • CompareStringW.KERNEL32(00000409,00000001,00000002,?,package,?), ref: 006C68F9
      • CompareStringW.KERNEL32(00000409,00000001,00000002,?,006C17F0,000000FF), ref: 006C69BB
      • memset.MSVCRT ref: 006C6B2C
      • GlobalFree.KERNEL32(?), ref: 006C6BA4
      • lstrlenW.KERNEL32(?,00000063,?), ref: 006C6C69
      • GlobalFree.KERNEL32(00000000), ref: 006C6F6C
      • CoInitialize.OLE32(00000000), ref: 006C70D8
      • CoRegisterClassObject.OLE32(006C25E0,006CB064,00000004,00000001,006CC6AC), ref: 006C710F
      • GetCurrentThread.KERNEL32 ref: 006C7225
      • OpenThreadToken.ADVAPI32(00000000), ref: 006C722C
      • GetLastError.KERNEL32 ref: 006C723F
      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 006C7CAE
      • TranslateMessage.USER32(?), ref: 006C7CD0
      • DispatchMessageW.USER32(?), ref: 006C7CDE
      Strings
      • help, xrefs: 006C679A
      • ServerMain (CA): Wait on synchronization event failed, xrefs: 006C72E1
      • ServerMain (CA): Could not open synchronization handle., xrefs: 006C77BB, 006C7ABF
      • ServerMain (CA): CoInitializeSecurity failed, xrefs: 006C75F7
      • ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type, xrefs: 006C7460
      • /qn, xrefs: 006C67C3
      • quiet, xrefs: 006C67B8
      • PATCH=, xrefs: 006C6710
      • ServerMain (CA): Error: Format SD, xrefs: 006C75AC
      • ServerMain (CA): Connection to Service failed., xrefs: 006C769B
      • ServerMain (CA): Create Custom Action Server failed., xrefs: 006C76CD
      • ServerMain (CA): Access to token failed, xrefs: 006C7250
      • q, xrefs: 006C6AFA
      • package, xrefs: 006C6767, 006C6795, 006C68E8
      • log, xrefs: 006C684E
      • ServerMain (CA): Impersonation token not saved., xrefs: 006C78DD
      • /l*, xrefs: 006C6859
      • ServerMain (CA): Process not registered with service., xrefs: 006C7788
      • REBOOTPROMPT="", xrefs: 006C683B
      • ServerMain (CA): Error: Watch for change-of-owning-process signal, xrefs: 006C764A
      • norestart, xrefs: 006C67F4
      • /qb!- REBOOTPROMPT=S, xrefs: 006C67E1
      • OLEAUT32.dll, xrefs: 006C70DE
      • forcerestart, xrefs: 006C6812
      • update, xrefs: 006C6705
      • ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type, xrefs: 006C742F
      • ServerMain (CA): Error: Access to SD, xrefs: 006C74C5
      • ServerMain (CA): Parsing command line failed, xrefs: 006C71E1
      • ServerMain (CA): Error: Watch for the shutdown signal, xrefs: 006C7621
      • RUVEH?IJDqXFAtPYZlgmnc, xrefs: 006C6BDC, 006C6DB3, 006C6FDC
      • OpenProcessToken failed with %d, xrefs: 006C73F1
      • MSIPATCHREMOVE=, xrefs: 006C6774
      • passive, xrefs: 006C67D6
      • ServerMain (CA): Connect to remote object failed., xrefs: 006C77F8
      • ServerMain (CA): Wrong command line, xrefs: 006C71D0
      • Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 006C65D9
      • uninstall, xrefs: 006C6715
      • REBOOT=Force, xrefs: 006C681D
      • promptrestart, xrefs: 006C6830
      • ServerMain (CA): Open synchronization event failed, xrefs: 006C7C8E
      • REBOOT=ReallySuppress, xrefs: 006C67FF
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: CompareMessageQueryStringmemset$CloseCurrentFreeGlobalProcessThreadValue$ClassCommandDispatchErrorFileHandleInformationInitializeLastLineObjectOpenRegisterTokenTranslateTypeVersionlstrlen
      • String ID: /l*$/qb!- REBOOTPROMPT=S$/qn$MSIPATCHREMOVE=$OLEAUT32.dll$OpenProcessToken failed with %d$PATCH=$REBOOT=Force$REBOOT=ReallySuppress$REBOOTPROMPT=""$RUVEH?IJDqXFAtPYZlgmnc$ServerMain (CA): Access to token failed$ServerMain (CA): CoInitializeSecurity failed$ServerMain (CA): Connect to remote object failed.$ServerMain (CA): Connection to Service failed.$ServerMain (CA): Could not open synchronization handle.$ServerMain (CA): Create Custom Action Server failed.$ServerMain (CA): Error: Access to SD$ServerMain (CA): Error: Format SD$ServerMain (CA): Error: Watch for change-of-owning-process signal$ServerMain (CA): Error: Watch for the shutdown signal$ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type$ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type$ServerMain (CA): Impersonation token not saved.$ServerMain (CA): Open synchronization event failed$ServerMain (CA): Parsing command line failed$ServerMain (CA): Process not registered with service.$ServerMain (CA): Wait on synchronization event failed$ServerMain (CA): Wrong command line$Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$forcerestart$help$log$norestart$package$passive$promptrestart$q$quiet$uninstall$update
      • API String ID: 1475639937-2370891382
      • Opcode ID: 42a0ef0c6c7b0c3b640f4f4172ffbd928535c47cc94f944e51a5eeb281cd43ba
      • Instruction ID: f4634a4b342e594936809edeb35259603e3eb5f37ca839326f2157964d857cb3
      • Opcode Fuzzy Hash: 42a0ef0c6c7b0c3b640f4f4172ffbd928535c47cc94f944e51a5eeb281cd43ba
      • Instruction Fuzzy Hash: BEE2AB716083429FD7209F24C844FBABBE7FB88314F14492EF599972A0EB709D46CB56
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeSid.ADVAPI32(?), ref: 006C3256
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3274
      • FreeSid.ADVAPI32(?), ref: 006C3292
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C32B0
      • FreeSid.ADVAPI32(?), ref: 006C32CE
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C32F0
      • FreeSid.ADVAPI32(?), ref: 006C330E
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000013,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C332C
      • FreeSid.ADVAPI32(?), ref: 006C334A
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000014,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3368
      • FreeSid.ADVAPI32(?), ref: 006C33CF
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C33EC
      • FreeSid.ADVAPI32(?), ref: 006C340A
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3428
      • FreeSid.ADVAPI32(?), ref: 006C3446
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3468
      • FreeSid.ADVAPI32(?), ref: 006C34A2
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C34C0
      • FreeSid.ADVAPI32(?), ref: 006C34DE
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3500
      • FreeSid.ADVAPI32(?), ref: 006C3548
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3566
      • FreeSid.ADVAPI32(?), ref: 006C3584
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C35A6
      • FreeSid.ADVAPI32(?), ref: 006C35C4
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C35E2
      • FreeSid.ADVAPI32(?), ref: 006C3628
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3646
      • FreeSid.ADVAPI32(?), ref: 006C3664
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3686
      • FreeSid.ADVAPI32(?), ref: 006C36AE
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C36CC
      • FreeSid.ADVAPI32(?), ref: 006C36EA
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3707
      • FreeSid.ADVAPI32(?), ref: 006C3725
      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006C3747
      • GetLengthSid.ADVAPI32(?), ref: 006C37A0
      • memset.MSVCRT ref: 006C37C5
      • GlobalAlloc.KERNEL32(00000000,?), ref: 006C37E8
      • InitializeAcl.ADVAPI32(?,?,00000002), ref: 006C3816
      • AddAccessAllowedAce.ADVAPI32(?,00000002,?,?), ref: 006C3842
      • GetAce.ADVAPI32(?,?,?), ref: 006C385D
      • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 006C3887
      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C389D
      • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 006C38AE
      • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 006C38C7
      • GetSecurityDescriptorLength.ADVAPI32(?), ref: 006C38D6
      • MakeSelfRelativeSD.ADVAPI32(?,?,?), ref: 006C38F3
      • GetLastError.KERNEL32 ref: 006C38FD
      • GlobalFree.KERNEL32(?), ref: 006C3918
      • GetLastError.KERNEL32 ref: 006C3920
      • FreeSid.ADVAPI32(?), ref: 006C393D
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: FreeInitialize$Allocate$DescriptorSecurity$ErrorGlobalLastLength$AccessAllocAllowedDaclGroupMakeOwnerRelativeSelfmemset
      • String ID:
      • API String ID: 3802846876-0
      • Opcode ID: 9381fb408d7b44ac389dca1ba5a542c80d3e2150c7b0d5e8002b5d0b6164a30f
      • Instruction ID: b8084bf6103fe43a6c48b94cf711ea25e588b336debe53e2507430ce65869b28
      • Opcode Fuzzy Hash: 9381fb408d7b44ac389dca1ba5a542c80d3e2150c7b0d5e8002b5d0b6164a30f
      • Instruction Fuzzy Hash: B7121671608385AFDB209F65DC88FBBB7EAFB84745F10882DB589C2260E771D905CB52
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,74DE9350), ref: 100052DC
      • memset.MSVCR100 ref: 100052EA
      • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,74DE9350), ref: 10005340
      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
      • memset.MSVCR100 ref: 1000537F
      • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
      • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,74DE9350), ref: 100053B4
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,74DE9350), ref: 100053D9
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
      • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,74DE9350), ref: 100053F8
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,74DE9350), ref: 10005438
      • sprintf_s.MSVCR100 ref: 10005456
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054A7
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054B0
      • OutputDebugStringA.KERNEL32(PuppetProcess3,?,?,74DE9350), ref: 100054CA
      • SuspendThread.KERNEL32(?,?,?,74DE9350), ref: 100054D3
      • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,74DE9350), ref: 100054DE
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
      • OutputDebugStringA.KERNEL32(PuppetProcess5,?,?,74DE9350), ref: 10005505
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
      • OutputDebugStringA.KERNEL32(PuppetProcess6,?,?,74DE9350), ref: 1000552B
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,?,74DE9350), ref: 10005536
      • ResumeThread.KERNEL32(?,?,?,74DE9350), ref: 10005543
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadmemset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWow64Writesprintf_s
      • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
      • API String ID: 3266731739-3220118345
      • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
      • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(00000020,00000000,00000000), ref: 006C5A12
      • RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 006C5A8A
      • RegCloseKey.ADVAPI32(?), ref: 006C5AAA
      • GlobalFree.KERNEL32(?), ref: 006C5ABF
      • RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 006C5B14
      • RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 006C5B35
      • lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 006C5B3C
      • RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 006C5B59
      • RegCloseKey.ADVAPI32(?), ref: 006C5B65
      • memset.MSVCRT ref: 006C5B84
      • OutputDebugStringW.KERNEL32(?), ref: 006C5BD4
      • SetLastError.KERNEL32(00000000), ref: 006C5BDB
        • Part of subcall function 006C2F5E: RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZl,?,006C5A48,?,?,?), ref: 006C2F8B
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Value$CloseErrorLast$CreateDebugFreeGlobalOpenOutputQueryStringlstrlenmemset
      • String ID: %s$($Debug$Error: %d. %s.$LastError$LastErrorMessage$P$ServerMain (CA): Open synchronization event failed$Software\Microsoft\Windows\CurrentVersion\Installer\CA$Software\Policies\Microsoft\Windows\Installer
      • API String ID: 3407900974-1723650419
      • Opcode ID: 84254b7bddf8abb96f60167d81e903ffc54e80b6f14ac0512d754d5c901d8ab5
      • Instruction ID: cce7007e2a203b8de0bc84e925327b33aed557183891296606196fa0865e59fc
      • Opcode Fuzzy Hash: 84254b7bddf8abb96f60167d81e903ffc54e80b6f14ac0512d754d5c901d8ab5
      • Instruction Fuzzy Hash: DD517EB1A0021CEBDB209F55DC85FBA7BBAFB05344F0141ADF54AA2151DB729E85CF90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memset.MSVCRT ref: 006C5CAD
      • GetACP.KERNEL32(00000641,?,00000000), ref: 006C5CE3
      • LoadLibraryW.KERNEL32(KERNEL32), ref: 006C5CF0
      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 006C5D02
      • GetLocaleInfoW.KERNEL32(?,20001004,?,0000000A), ref: 006C5D38
      • FreeLibrary.KERNEL32(00000000), ref: 006C5D46
      • FormatMessageW.KERNEL32(00001000,00000000,00000641,?,?,00000401,00000000), ref: 006C5D6C
      • memset.MSVCRT ref: 006C5DEE
      • GetVersionExW.KERNEL32(0000011C), ref: 006C5E07
        • Part of subcall function 006C2E35: _vsnwprintf.MSVCRT ref: 006C2E67
      • lstrlenW.KERNEL32(?), ref: 006C5E96
      • WriteFile.KERNEL32(?,00000000,?,00000000), ref: 006C5EB4
      • WriteFile.KERNEL32(006C2638,00000004,?,00000000), ref: 006C5ECF
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: FileLibraryWritememset$AddressFormatFreeInfoLoadLocaleMessageProcVersion_vsnwprintflstrlen
      • String ID: GetUserDefaultUILanguage$Install error %i$KERNEL32
      • API String ID: 2411759445-2065445882
      • Opcode ID: cc558d21b436dc3c05a254937246f39e9078f4f8cfb711a9f7bf6639b496e6d4
      • Instruction ID: 48683330ae0dddc9173b2ffb824e44ce0bf9df940f3fbd1ccd8e4f312af38fdb
      • Opcode Fuzzy Hash: cc558d21b436dc3c05a254937246f39e9078f4f8cfb711a9f7bf6639b496e6d4
      • Instruction Fuzzy Hash: 5B518471A00219ABEB109B64DC49FFB777EFB08364F140169F51AE2191DA71EE45CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 03006FB8
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 03006FDD
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 03006FF1
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 0300703C
      • CopyFileA.KERNEL32(?,?,00000000), ref: 03007072
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030070D7
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030070F8
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03007120
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0300713A
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03007147
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      • Opcode ID: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
      • Instruction ID: 7b1d219028281aeb8915f09a35715e6c50708efa523a4560371556a5f0766d36
      • Opcode Fuzzy Hash: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
      • Instruction Fuzzy Hash: 14714DF1901228AFEB25DB64CCD4EEAB7BDEB48704F008199F60997140DA75AF94CF61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThread.KERNEL32 ref: 006C2FC1
      • OpenThreadToken.ADVAPI32(00000000), ref: 006C2FC8
      • GetLastError.KERNEL32 ref: 006C2FD2
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 006C2FE9
      • OpenProcessToken.ADVAPI32(00000000), ref: 006C2FF0
      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006C300F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000030,?,?), ref: 006C303B
      • CloseHandle.KERNEL32(?), ref: 006C3044
      • GetLastError.KERNEL32 ref: 006C304A
      • CloseHandle.KERNEL32(?), ref: 006C3068
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Token$CloseCurrentErrorHandleLastOpenProcessThread$AdjustLookupPrivilegePrivilegesValue
      • String ID:
      • API String ID: 268630328-0
      • Opcode ID: 87c349c940aa483517a34c4a44ad295c3242df8a394aca6bddd1c07bdacf73bb
      • Instruction ID: bc07cac21ed7e7aa974c2a806fc375cb9208c363e206efd69d0f7fa2bb958e98
      • Opcode Fuzzy Hash: 87c349c940aa483517a34c4a44ad295c3242df8a394aca6bddd1c07bdacf73bb
      • Instruction Fuzzy Hash: 70212D72B00219EBDB109FA9ED49FEDBBBAEF04705F105029F501E6260DB7199428B64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 006C3133
      • GetLastError.KERNEL32(?,?), ref: 006C313D
      • GetLengthSid.ADVAPI32(?,?,?), ref: 006C3148
      • FreeSid.ADVAPI32(00000000), ref: 006C315E
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AllocateErrorFreeInitializeLastLength
      • String ID:
      • API String ID: 1611457584-0
      • Opcode ID: 7af394281e74b8c5d31c9261277d7535027bb12040006fca8b447f0a77a32296
      • Instruction ID: db5995846f719108015b95c24a2195b3fbb4bf39a7761acc4e4be4ba5415405f
      • Opcode Fuzzy Hash: 7af394281e74b8c5d31c9261277d7535027bb12040006fca8b447f0a77a32296
      • Instruction Fuzzy Hash: 13113D70A14318EFDB009FA8DC0DFBEBB7AFB08308F04946DE416A26A0D7718A45CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 10010108
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
      • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
      • TerminateProcess.KERNEL32(00000000), ref: 1001014B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 3369434319-0
      • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction ID: 3dd05fdeb98c840c3ac9c3c292ea311adfb4bbb0d0e4fad1bae5c61b1b3eb1b5
      • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction Fuzzy Hash: 3521DDB8902A24DFF701DF65CDC56443BB6FB1C344F52801AE5088B26AE7B1E980CF09
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 03011D0C
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03011D21
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 03011D2C
      • GetCurrentProcess.KERNEL32(C0000409), ref: 03011D48
      • TerminateProcess.KERNEL32(00000000), ref: 03011D4F
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 2579439406-0
      • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction ID: 6fccb5ccf491a3ad6afc6cbf5d11143b7db6e9ac848735ae5f28ffc9743a762e
      • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction Fuzzy Hash: D121CCB8802620DFF705DF69DDC96443BBAFB1C344F51801AE6088B265E771E990CF15
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 006C7DF2
      • GetLastError.KERNEL32 ref: 006C7DFC
        • Part of subcall function 006C59F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 006C5A12
        • Part of subcall function 006C59F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 006C5A8A
        • Part of subcall function 006C59F2: RegCloseKey.ADVAPI32(?), ref: 006C5AAA
        • Part of subcall function 006C59F2: GlobalFree.KERNEL32(?), ref: 006C5ABF
        • Part of subcall function 006C59F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 006C5B14
        • Part of subcall function 006C59F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 006C5B35
        • Part of subcall function 006C59F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 006C5B3C
        • Part of subcall function 006C59F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 006C5B59
        • Part of subcall function 006C59F2: RegCloseKey.ADVAPI32(?), ref: 006C5B65
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Value$CloseErrorLast$CreateCtrlDispatcherFreeGlobalQueryServiceStartlstrlen
      • String ID: MSIServer$StartServiceCtrlDispatcher failed.
      • API String ID: 2998827721-520530687
      • Opcode ID: 9f414c05c6beca7df5e53a42e981b8eb428794dd764b8cbc470b99fde5d68681
      • Instruction ID: 97bb9dab2d91055b89e955e9917603cdb511a02fbd6bd7ab0c0371718b4f5d9b
      • Opcode Fuzzy Hash: 9f414c05c6beca7df5e53a42e981b8eb428794dd764b8cbc470b99fde5d68681
      • Instruction Fuzzy Hash: B7E09271A101099BDB00EFA88809FBE7AFAEB44309F0045AC9512E2141DB70C9068B91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,006C9726,006C1000), ref: 006C95F7
      • UnhandledExceptionFilter.KERNEL32(006C9726,?,006C9726,006C1000), ref: 006C9600
      • GetCurrentProcess.KERNEL32(C0000409,?,006C9726,006C1000), ref: 006C960B
      • TerminateProcess.KERNEL32(00000000,?,006C9726,006C1000), ref: 006C9612
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
      • String ID:
      • API String ID: 3231755760-0
      • Opcode ID: fad3d2fa8a360696c2f3784c71bbebd054953891165a9038d1a4fff88033d9f8
      • Instruction ID: c1dae35a2651ffb4b616846744db12ec4fe453d64ca2da273f52543d0d6a6c01
      • Opcode Fuzzy Hash: fad3d2fa8a360696c2f3784c71bbebd054953891165a9038d1a4fff88033d9f8
      • Instruction Fuzzy Hash: B9D01232000104FBCB002FE1EC0DEA97F2AEB44312F085020F309C2920DB358442CB65
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 006C3C24: EnterCriticalSection.KERNEL32(006CC838,?,?,?,006C3C1E,00000000,00000000), ref: 006C3C31
        • Part of subcall function 006C3C24: LeaveCriticalSection.KERNEL32(006CC838,?,?,?,006C3C1E,00000000,00000000), ref: 006C3CDF
      • RegOpenKeyExW.ADVAPI32(80000000,CLSID,00000000,00020019,?,00000002,00000000,00007530), ref: 006C7EFB
      • RegCloseKey.ADVAPI32(?), ref: 006C7F0B
        • Part of subcall function 006C8745: GlobalAlloc.KERNEL32(00000000,?,00000000,?,006C7F98,00000200), ref: 006C875F
        • Part of subcall function 006C8745: memset.MSVCRT ref: 006C8778
      • CoUninitialize.OLE32 ref: 006C7F5B
      • MakeAbsoluteSD.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000200), ref: 006C8058
      • CoUninitialize.OLE32 ref: 006C8066
      • GetLastError.KERNEL32 ref: 006C806C
      • GetLastError.KERNEL32(00000000), ref: 006C80AC
      • CoUninitialize.OLE32(00000002,00000000,00007530), ref: 006C80C2
      • InitializeCriticalSection.KERNEL32(006CC488,00000002,00000000,00007530), ref: 006C81D2
      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 006C81F5
      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 006C8204
      • GetLastError.KERNEL32 ref: 006C8246
      • GetLastError.KERNEL32 ref: 006C8276
      • CoRegisterClassObject.OLE32(006C25E0,?,00000015,00000001,?,00000002,00000000,00007530), ref: 006C82C0
      • MsgWaitForMultipleObjects.USER32(00000003,?,00000000,000000FF,00001CFF), ref: 006C8343
      • TranslateMessage.USER32(?), ref: 006C8375
      • DispatchMessageW.USER32(?), ref: 006C8382
      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006C8394
      • GetLastError.KERNEL32 ref: 006C83C6
      • GetLastError.KERNEL32 ref: 006C83CC
      • GetLastError.KERNEL32(00000000), ref: 006C841B
      • EnterCriticalSection.KERNEL32(006CC488,00000001,00000000), ref: 006C843C
      • CloseHandle.KERNEL32 ref: 006C8448
      • LeaveCriticalSection.KERNEL32(006CC488), ref: 006C8459
      • EnterCriticalSection.KERNEL32(006CC488,00000001,00000000), ref: 006C846C
      • CloseHandle.KERNEL32 ref: 006C8478
      • LeaveCriticalSection.KERNEL32(006CC488), ref: 006C8489
      • EnterCriticalSection.KERNEL32(006CC488,00000001,00000000), ref: 006C849C
      • CloseHandle.KERNEL32 ref: 006C84A8
      • LeaveCriticalSection.KERNEL32(006CC488), ref: 006C84B9
      • CoUninitialize.OLE32(00000001,00000000), ref: 006C84C3
      • DeleteCriticalSection.KERNEL32(006CC488,00000001,00000000), ref: 006C84E0
      • CoUninitialize.OLE32(?,?,?,?,00000200), ref: 006C84EC
      • GlobalFree.KERNEL32(?), ref: 006C850D
      • GlobalFree.KERNEL32(?), ref: 006C8526
      • GlobalFree.KERNEL32(?), ref: 006C853F
      • GlobalFree.KERNEL32(?), ref: 006C8558
      • GlobalFree.KERNEL32(?), ref: 006C8571
      Strings
      • ServiceThreadMain: CreateEvent failed., xrefs: 006C840D
      • ServiceThreadMain: SetWaitableTimer failed., xrefs: 006C827C
      • CLSID, xrefs: 006C7EF1
      • Wait Failed in MsgWait., xrefs: 006C83D4
      • CoCreateInstance of CLSID_GlobalOptions failed., xrefs: 006C8105
      • ServiceThreadMain: CoInitializeSecurity failed, xrefs: 006C80A0
      • Set of COMGLB_UNMARSHALING_POLICY failed., xrefs: 006C8163
      • ServiceThreadMain: CreateWaitableTimer failed., xrefs: 006C824C
      • ServiceThreadMain: CreateSD for CreateWaitableTimer failed., xrefs: 006C81B1
      • ServiceThreadMain: Class registration failed, xrefs: 006C8400
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$ErrorLast$Global$FreeUninitialize$CloseEnterLeave$HandleMessage$CreateEvent$AbsoluteAllocClassDeleteDispatchInitializeMakeMultipleObjectObjectsOpenPeekRegisterTranslateWaitmemset
      • String ID: CLSID$CoCreateInstance of CLSID_GlobalOptions failed.$ServiceThreadMain: Class registration failed$ServiceThreadMain: CoInitializeSecurity failed$ServiceThreadMain: CreateEvent failed.$ServiceThreadMain: CreateSD for CreateWaitableTimer failed.$ServiceThreadMain: CreateWaitableTimer failed.$ServiceThreadMain: SetWaitableTimer failed.$Set of COMGLB_UNMARSHALING_POLICY failed.$Wait Failed in MsgWait.
      • API String ID: 535215923-1806920385
      • Opcode ID: 1d43d296460210eff26c365df6f4b80e497ed49301c4f31bae2fe4cb9f1c0519
      • Instruction ID: d0a7daff569bd856af2a64ed3d4add960beba6bb1551c368260abc11f0a6f255
      • Opcode Fuzzy Hash: 1d43d296460210eff26c365df6f4b80e497ed49301c4f31bae2fe4cb9f1c0519
      • Instruction Fuzzy Hash: 1C02A370A002299FEB349F649D99FBA77ABEB44714F0091ADF509A3250DF719E81CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0300FAC1
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0300FADE
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0300FB9D
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0300FBDC
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0300FC1B
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0300FC5A
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0300FC99
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0300FCD8
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0300FD17
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0300FD56
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0300FD95
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0300FDD4
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0300FE13
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0300FE52
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0300FE91
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0300FEE1
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0300FEF5
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0300FF23
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0300FF40
      • CloseHandle.KERNEL32(?), ref: 0300FF5E
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0300FF79
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$Process$CloseHandleOpenToken$InformationLengthMessagePostTerminateThread
      • String ID:
      • API String ID: 1335550552-3916222277
      • Opcode ID: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
      • Instruction ID: a6c87f6f5a5166560eacc822859226cf78a211b9616547624c360c36f311df97
      • Opcode Fuzzy Hash: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
      • Instruction Fuzzy Hash: 7812A6B1E41219ABEB24CFD5CD81FEEBBB5BF48700F148519E615BB280D7B0AA01CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 10005646
      • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
      • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
      • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
      • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
      • CloseHandle.KERNEL32(?), ref: 100056F2
      • FreeLibrary.KERNEL32(00000000), ref: 100056FD
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
      • API String ID: 3440622277-1578001699
      • Opcode ID: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
      • Instruction ID: 97513855ba7d5b96b8eea992fadbc770b1a1e9ea9204260f57e06f18dc82c778
      • Opcode Fuzzy Hash: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
      • Instruction Fuzzy Hash: 1531AFB5A01218ABEB10DBB4DD89BEEBBB8EF49641F104119FA05B7280DB71D910CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,883AEF3E,745947A0,?,?,00000001), ref: 10004AE6
      • EnterCriticalSection.KERNEL32(?,883AEF3E,745947A0,?,?,00000001), ref: 10004B0D
      • SetLastError.KERNEL32(0000139F), ref: 10004B21
      • LeaveCriticalSection.KERNEL32(?), ref: 10004B28
      • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • wsprintfA.USER32 ref: 0300F61B
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0300F630
      • GetLastError.KERNEL32 ref: 0300F63C
      • ReleaseMutex.KERNEL32(00000000), ref: 0300F64A
      • CloseHandle.KERNEL32(00000000), ref: 0300F651
      • GetTickCount.KERNEL32 ref: 0300F6A4
      • GetTickCount.KERNEL32 ref: 0300F6BF
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0300F6FD
      • TerminateThread.KERNEL32(?,000000FF), ref: 0300F7DE
      • CloseHandle.KERNEL32(?), ref: 0300F7EC
      • CloseHandle.KERNEL32(?), ref: 0300F80F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
      • String ID: 206.238.220.90
      • API String ID: 583979846-2036524226
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: 05dee5499b259550d4f60486675e20bf3813a4feefbe73a3b8a0a4327d38257e
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 8E517CB1509791AFE730DF68CC84B9BB7E4FB88711F004A18E54A9B290C7709815CF92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 03004A80
      • InterlockedExchange.KERNEL32(?,00000000), ref: 03004A8C
      • timeGetTime.WINMM ref: 03004A92
      • socket.WS2_32(00000002,00000001,00000006), ref: 03004ABF
      • gethostbyname.WS2_32(?), ref: 03004AE3
      • htons.WS2_32(?), ref: 03004AFC
      • connect.WS2_32(?,?,00000010), ref: 03004B1A
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 03004BCE
      • InterlockedExchange.KERNEL32(?,00000001), ref: 03004BD7
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 3940796591-3203441087
      • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction ID: 9bab21f08caeccc3e8a8ad3904bd773277f21902acb90f2e2889f2e414cafb1e
      • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction Fuzzy Hash: 97514CB1640704ABE720DFA5CC85FAAB7F8FF48B10F108619F656A76D0D7B4A904CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryExW.KERNEL32(ISMIF32.DLL,00000000,00000800,?,00000000), ref: 006C57F6
      • GetProcAddress.KERNEL32(00000000,InstallStatusMIF), ref: 006C580C
      • GetSystemDefaultLangID.KERNEL32(?,00000000), ref: 006C585C
      • memset.MSVCRT ref: 006C589D
      • FormatMessageW.KERNEL32(00001000,00000000,00000000,?,?,00000105,00000000,?,00000000), ref: 006C58C5
      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,006CC920,00000100,00000000,00000000,?,00000000), ref: 006C5902
      • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 006C5976
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Library$AddressByteCharDefaultFormatFreeLangLoadMessageMultiProcSystemWidememset
      • String ID: ISMIF32.DLL$InstallStatusMIF$Installer error %i
      • API String ID: 2186023739-4237920443
      • Opcode ID: b2fc0bbf21ccd946988214f295eed33361842e76170551c35bf149d44765afbc
      • Instruction ID: 3ac809c6efe45dc2073a7893c77c667179ad68a4d99b9ee6eee5d34921ce1973
      • Opcode Fuzzy Hash: b2fc0bbf21ccd946988214f295eed33361842e76170551c35bf149d44765afbc
      • Instruction Fuzzy Hash: 6041F430740658BEE710AB689C8EFFA76ABEB15730F1501ADF45FE31C0DAB0AD804665
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
      • memset.MSVCR100 ref: 10005BD1
      • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
      • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
      • _mbscmp.MSVCR100 ref: 10005C39
      • lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
      • WTSFreeMemory.WTSAPI32(?), ref: 10005C67
      • WTSFreeMemory.WTSAPI32(?), ref: 10005C84
      • ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: FreeMemory$??2@??3@EnumerateInformationQuerySessionSessions_mbscmplstrcpymemset
      • String ID: system
      • API String ID: 2835183911-3377271179
      • Opcode ID: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
      • Instruction ID: d08ab42cfd6b18e12b5412b75c8ea3aae0022bfd40c742a0170e7af3aa65547d
      • Opcode Fuzzy Hash: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
      • Instruction Fuzzy Hash: FF31A1B5A00219AFEB10CF90CCC8DAFBBB8FF44711F108119E915A3244D730AA51CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
      • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
      • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
      • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
      • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
      • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
      • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID: bad cast
      • API String ID: 3682899576-3145022300
      • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
      • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryW.KERNEL32(kernel32.dll,OLEAUT32.dll,0000005C,?,?,006C9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,006C90C6,0000020A,?), ref: 006C8F8C
      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 006C8F9F
      • GetLastError.KERNEL32(?,006C9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,006C90C6,0000020A,?), ref: 006C8FAB
      • FreeLibrary.KERNEL32(00000000,?,006C9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,006C90C6,0000020A,?), ref: 006C8FE0
      • SetLastError.KERNEL32(00000000,?,006C9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,006C90C6,0000020A,?), ref: 006C8FE7
      • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 006C8FF8
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: ErrorLastLibrary$AddressDirectoryFreeLoadProcSystem
      • String ID: GetSystemWow64DirectoryW$OLEAUT32.dll$kernel32.dll
      • API String ID: 1648426049-138662608
      • Opcode ID: aeed1a5c141f93baaaf74133d1bc31f27c8d85c48e9340e9a6cbbbc2a2e265d6
      • Instruction ID: 4b3c0f12fe469e7511884fcd032bd14a70dcc7f08c03d54e6a104e82fca55741
      • Opcode Fuzzy Hash: aeed1a5c141f93baaaf74133d1bc31f27c8d85c48e9340e9a6cbbbc2a2e265d6
      • Instruction Fuzzy Hash: 3001B5363046516FD7226B689C4CFBB7A9BEB94391F1A103EFA12D3250EEB0CC018654
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,10016034,10012308,?,?,00000001), ref: 030066EA
      • RtlEnterCriticalSection.NTDLL(?), ref: 03006711
      • SetLastError.KERNEL32(0000139F), ref: 03006725
      • RtlLeaveCriticalSection.NTDLL(?), ref: 0300672C
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 1e78cf84e807fb916d63c492073f56b474293c92fba98ae9a6356266ba74f2be
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: 42518CB6A047049FE714DF68C884B6AB7F5FB48711F008A6EE90AC3B90DB75E4108B51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • lstrlenW.KERNEL32 ref: 006C5475
        • Part of subcall function 006C8665: GlobalAlloc.KERNEL32(00000040,?,00000020,-00000002,00000000,?,006C66E9,?,?,?), ref: 006C8680
      • CoInitialize.OLE32(00000000), ref: 006C54EB
      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 006C54FF
      • SetCurrentDirectoryW.KERNEL32(?,?,00000000,00000008), ref: 006C5511
      • GetLastError.KERNEL32(?,00000000,00000008), ref: 006C551B
      • SetThreadToken.ADVAPI32(00000000,00000000,?,00000000,00000008), ref: 006C5534
      • GetLastError.KERNEL32(?,00000000,00000008), ref: 006C553E
      • GetProcAddress.KERNEL32(00000000), ref: 006C5559
      • GetLastError.KERNEL32(?,?,00000000,00000008), ref: 006C5565
      • FreeLibrary.KERNEL32(00000000,?,00000000,00000008), ref: 006C558D
      • CoUninitialize.OLE32(?,00000000,00000008), ref: 006C5593
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: ErrorLast$Library$AddressAllocCurrentDirectoryFreeGlobalInitializeLoadProcThreadTokenUninitializelstrlen
      • String ID:
      • API String ID: 1429436423-0
      • Opcode ID: 6b493c6291aa89295246603461d844ece040bae4945b6019d69cdcbfa37a18a3
      • Instruction ID: 24aa4c543f818c760d1b487f4d30c3309a18283bab42edbdde03282bcb0084fb
      • Opcode Fuzzy Hash: 6b493c6291aa89295246603461d844ece040bae4945b6019d69cdcbfa37a18a3
      • Instruction Fuzzy Hash: 5241DF72A409359BC7216B288C48FBEB2A7EF94751F45426DEC47E7360DE34ED8286D0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(00000064), ref: 10002D1D
      • CloseHandle.KERNEL32(?), ref: 10002D33
      • CloseHandle.KERNEL32(?), ref: 10002D3D
      • CloseHandle.KERNEL32(?), ref: 10002D47
      • WSACleanup.WS2_32 ref: 10002D49
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: FreeVirtual$CloseHandle$CleanupSleep
      • String ID:
      • API String ID: 21600312-0
      • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
      • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,883AEF3E,00000000,00000000,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
      • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
      • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast), ref: 10009C09
      • _CxxThrowException.MSVCR100(?,10013774), ref: 10009C18
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,10013774), ref: 10009C28
      • std::locale::facet::_Facet_Register.LIBCPMT ref: 10009C2F
      • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowstd::locale::facet::_
      • String ID: bad cast
      • API String ID: 3754268192-3145022300
      • Opcode ID: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
      • Instruction ID: 8e14b074035db8c01746d2bfa9994902538dc9c994fd8b17045a7e04c907522a
      • Opcode Fuzzy Hash: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
      • Instruction Fuzzy Hash: CA31D2B6904124AFEB14CF54DD84A9EB7B8FB043B0F518259ED26A73A1DB30ED40CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(883AEF3E,0000002D,?,00000000,?), ref: 1000BFAD
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,883AEF3E,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 1881732901-0
      • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
      • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,00000001,00000001,?,10003B03), ref: 10003E05
      • LeaveCriticalSection.KERNEL32(?,?,10003B03), ref: 10003E50
      • send.WS2_32(10003B03,?,?,00000000), ref: 10003E6E
      • EnterCriticalSection.KERNEL32(?), ref: 10003E81
      • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003EBC
      • WSAGetLastError.WS2_32(?,10003B03), ref: 10003EC7
      • EnterCriticalSection.KERNEL32(?,?,10003B03), ref: 10003EDB
      • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003F51
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 03005A09
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03005A54
      • send.WS2_32(03005707,?,?,00000000), ref: 03005A72
      • RtlEnterCriticalSection.NTDLL(?), ref: 03005A85
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03005A98
      • HeapFree.KERNEL32(00000000,00000000,?,?,03005707), ref: 03005AC0
      • WSAGetLastError.WS2_32(?,03005707), ref: 03005ACB
      • RtlEnterCriticalSection.NTDLL(?), ref: 03005ADF
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03005B18
      • HeapFree.KERNEL32(00000000,00000000,?,?,03005707), ref: 03005B55
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: f507a823096b2513acd18ad09f6da723a770abf05b220c50888a96cc043a3406
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: 6841E7B15097009BE764DF78CCC8AA7B7E8BB4A300F44896DE96ECB290D771E4418F50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
        • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
        • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
      • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
      • _beginthreadex.MSVCR100 ref: 10003615
      • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
      • SetLastError.KERNEL32(00000000), ref: 10003661
      • GetLastError.KERNEL32 ref: 10003679
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • SetLastError.KERNEL32(00000000), ref: 10003689
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
      • String ID:
      • API String ID: 2811472597-0
      • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
      • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 10004D63
      • EnterCriticalSection.KERNEL32(?), ref: 10004D78
      • WSASetLastError.WS2_32(00002746), ref: 10004D8A
      • LeaveCriticalSection.KERNEL32(?), ref: 10004D91
      • timeGetTime.WINMM ref: 10004DBF
      • timeGetTime.WINMM ref: 10004DE7
      • SetEvent.KERNEL32(?), ref: 10004E25
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E38
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E4B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 03006967
      • RtlEnterCriticalSection.NTDLL(?), ref: 0300697C
      • WSASetLastError.WS2_32(00002746), ref: 0300698E
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03006995
      • timeGetTime.WINMM ref: 030069C3
      • timeGetTime.WINMM ref: 030069EB
      • SetEvent.KERNEL32(?), ref: 03006A29
      • InterlockedExchange.KERNEL32(?,00000001), ref: 03006A35
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03006A3C
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03006A4F
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: d7c66acad267376858ef5be2401c84fbdd2c90a0ae566ff3834fab462b53f92f
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: B041E4716013089FE720DF68C888A6AF7FEFB49314F088599E48AC7691D776E4618B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(00000002,00000002,00000011), ref: 1000375F
      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10003798
      • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100037B5
      • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100037C8
      • WSACreateEvent.WS2_32 ref: 100037CA
      • gethostbyname.WS2_32(?), ref: 100037D4
      • htons.WS2_32(?), ref: 100037ED
      • WSAEventSelect.WS2_32(?,?,00000030), ref: 1000380B
      • connect.WS2_32(?,?,00000010), ref: 10003820
      • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 1000382F
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
      • String ID:
      • API String ID: 2147236057-0
      • Opcode ID: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
      • Instruction ID: 832f1b8ff29030e8bf453c954313f24a602478d3b057f428ca850e8eb3ef4c46
      • Opcode Fuzzy Hash: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
      • Instruction Fuzzy Hash: B0312AB1A00319AFE710DFA4CC85E7FB7B8FB48760F108619F622972D0DA75EA158B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 10004443
      • ResetEvent.KERNEL32(?), ref: 1000444C
      • timeGetTime.WINMM ref: 1000444E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
      • ResetEvent.KERNEL32(?), ref: 100044C8
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • ResetEvent.KERNEL32(?), ref: 100044DC
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 542259498-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 0300724A
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 0300727F
      • LoadLibraryA.KERNEL32(10012638), ref: 030072D7
      • CloseHandle.KERNEL32(?), ref: 030072F6
      • FreeLibrary.KERNEL32(00000000), ref: 03007301
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$Adva$pi32
      • API String ID: 1168765234-3719434023
      • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction ID: d33e07176c5f64ac0ca2eb907bf8ddcdbebe59b470a15c9dc14b833d68c77f04
      • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction Fuzzy Hash: E13191B5A01218ABEB11DFB4DD89BEEBBB8EF49701F104159FA05A7280DB74D910CB64
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • ResolveDelayLoadedAPI, xrefs: 006C9123
      • KERNEL32.DLL, xrefs: 006C9113
      • ResolveDelayLoadsFromDll, xrefs: 006C9137
      • api-ms-win-core-delayload-l1-1-1.dll, xrefs: 006C9103
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID:
      • String ID: KERNEL32.DLL$ResolveDelayLoadedAPI$ResolveDelayLoadsFromDll$api-ms-win-core-delayload-l1-1-1.dll
      • API String ID: 0-3594434003
      • Opcode ID: 76dfd9af90e0dd74f8e791168256046cfa8cc9aefb15a11ff43f6017c7bcde9b
      • Instruction ID: 904aac04209ea33e7f422e9373d97fb864a7c9ce459c877d3d5e8555b898cccb
      • Opcode Fuzzy Hash: 76dfd9af90e0dd74f8e791168256046cfa8cc9aefb15a11ff43f6017c7bcde9b
      • Instruction Fuzzy Hash: BEF02B72542633664B316BA85CAFFFA124BCF01BA4306112DFC50E7644DB14CD0086F0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 006C9E35: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 006C9E62
        • Part of subcall function 006C9E35: GetCurrentProcessId.KERNEL32 ref: 006C9E71
        • Part of subcall function 006C9E35: GetCurrentThreadId.KERNEL32 ref: 006C9E7A
        • Part of subcall function 006C9E35: GetTickCount.KERNEL32 ref: 006C9E83
        • Part of subcall function 006C9E35: QueryPerformanceCounter.KERNEL32(?), ref: 006C9E98
      • GetStartupInfoW.KERNEL32(?,006CA310,00000058), ref: 006C934F
      • Sleep.KERNEL32(000003E8), ref: 006C9384
      • _amsg_exit.MSVCRT ref: 006C9399
      • _initterm.MSVCRT ref: 006C93ED
      • __IsNonwritableInCurrentImage.LIBCMT ref: 006C9419
      • exit.MSVCRT ref: 006C948F
      • _ismbblead.MSVCRT ref: 006C94AA
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
      • String ID:
      • API String ID: 836923961-0
      • Opcode ID: aef72d23d318a8382d5b558b15eb0eb6e93e147b4561d6eb38eb81157ea53bdd
      • Instruction ID: af40c0b3d6d8743822026cbb7ab4f91eafa5771808df254005b97d32fc34c593
      • Opcode Fuzzy Hash: aef72d23d318a8382d5b558b15eb0eb6e93e147b4561d6eb38eb81157ea53bdd
      • Instruction Fuzzy Hash: CE41CF71A44254CBDB259FA4D909FB977E7EB49720F20902EE94AD7791CB748802CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@$free
      • String ID:
      • API String ID: 2241099983-0
      • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
      • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
      • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
      • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
      • SetLastError.KERNEL32(0000139F), ref: 10004CD9
      • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
      • LeaveCriticalSection.KERNEL32(00000002), ref: 10004CE9
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
      • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memmove.MSVCR100 ref: 1000753B
      • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,883AEF3E), ref: 10007636
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,883AEF3E), ref: 10007664
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,883AEF3E), ref: 1000766F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
      • String ID: invalid string position$string too long
      • API String ID: 2621357903-4289949731
      • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
      • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
      • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OutputDebugStringA.KERNEL32(10012B64), ref: 0301008D
        • Part of subcall function 0300FA94: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0300FAC1
        • Part of subcall function 0300FA94: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0300FADE
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0300FB9D
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0300FBDC
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0300FC1B
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0300FC5A
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0300FC99
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0300FCD8
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0300FD17
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0300FD56
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0300FD95
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0300FDD4
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0300FE13
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0300FE52
        • Part of subcall function 0300FA94: LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0300FE91
        • Part of subcall function 0300FA94: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0300FEE1
        • Part of subcall function 0300FA94: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0300FEF5
        • Part of subcall function 0300FA94: PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0300FF23
        • Part of subcall function 0300FA94: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0300FF40
        • Part of subcall function 0300FA94: CloseHandle.KERNEL32(?), ref: 0300FF5E
        • Part of subcall function 0300FA94: CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0300FF79
      • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 0301010D
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Value$LookupPrivilege$Process$CloseHandleOpenToken$DebugInformationLengthMessageOutputPostStringTerminateThread
      • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
      • API String ID: 2737639916-1482746000
      • Opcode ID: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction ID: bc3883cd2113e5ba2a4185b38f43c31422207f5bc5c11fc8ef5db1767196dc2f
      • Opcode Fuzzy Hash: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction Fuzzy Hash: B001C0B460425A9AEB29EB608C94FFE776ADFC9700F008188E6056F181DE74D9918F54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegisterServiceCtrlHandlerW.ADVAPI32(MSIServer,Function_000085A0), ref: 006C7E2A
      • GetLastError.KERNEL32 ref: 006C7E39
        • Part of subcall function 006C59F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 006C5A12
        • Part of subcall function 006C59F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 006C5A8A
        • Part of subcall function 006C59F2: RegCloseKey.ADVAPI32(?), ref: 006C5AAA
        • Part of subcall function 006C59F2: GlobalFree.KERNEL32(?), ref: 006C5ABF
        • Part of subcall function 006C59F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 006C5B14
        • Part of subcall function 006C59F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 006C5B35
        • Part of subcall function 006C59F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 006C5B3C
        • Part of subcall function 006C59F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 006C5B59
        • Part of subcall function 006C59F2: RegCloseKey.ADVAPI32(?), ref: 006C5B65
      • CreateThread.KERNEL32(00000000,00000000,Function_00007EB0,00000000,00000000,006CC6A8), ref: 006C7E72
      • GetLastError.KERNEL32(00007530), ref: 006C7E80
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: ErrorLastValue$CloseCreate$CtrlFreeGlobalHandlerQueryRegisterServiceThreadlstrlen
      • String ID: MSIServer$RegisterServiceCtrlHandler failed.
      • API String ID: 1878216277-870239898
      • Opcode ID: 086bc513603ca49c3c8fee04f96bd587f85ddf6da9d9f1bc0bde0d24f4230490
      • Instruction ID: a430af3a1edc2040484cc4fdcd5b709922d2b6b19d2bc7615cbaf711c2de6443
      • Opcode Fuzzy Hash: 086bc513603ca49c3c8fee04f96bd587f85ddf6da9d9f1bc0bde0d24f4230490
      • Instruction Fuzzy Hash: 9801FE72745221ABC32057669D0DFBB2D6BDF85771B00115DF90DD1290D670DC03CAB5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,883AEF3E,?,883AEF3E,10008EF2), ref: 1000A71D
        • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,883AEF3E,?,883AEF3E,10008EF2), ref: 1000A740
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,883AEF3E), ref: 1000A76E
        • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
        • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
      • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
      • memmove.MSVCR100 ref: 100093D6
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
      • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
      • String ID:
      • API String ID: 666130115-0
      • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
      • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
      • LoadLibraryA.KERNEL32(?), ref: 10005F20
      • GetProcessHeap.KERNEL32(00000000,FFFC66E8,8B068BFF), ref: 10005F46
      • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
      • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
      • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
      • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
      • String ID:
      • API String ID: 1153753045-0
      • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
      • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
      Uniqueness

      Uniqueness Score: -1.00%
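The second argument to both IsBadReadPtr calls above, 0x14, is sizeof(IMAGE_IMPORT_DESCRIPTOR), and the LoadLibraryA, GetProcAddress and heap calls around them are consistent with a loop that resolves the import table of an image the sample mapped itself (the report marks the 03000000 region "based on PE: false"). The Python walker below is an added example, not code from the report or from the sample: it walks a 32-bit import descriptor table in a constructed flat-mapped image, checks each 20-byte descriptor and each thunk against the image bounds the way IsBadReadPtr is used here, and patches the IAT. The export table and its addresses are made up so the walk runs on any host; on Windows the resolver would be LoadLibraryA plus GetProcAddress.

```python
# Added example, not code from the report or from the sample: a walker over a 32-bit
# IMAGE_IMPORT_DESCRIPTOR table in a flat-mapped image. 0x14 (20) bytes is
# sizeof(IMAGE_IMPORT_DESCRIPTOR), the size the traced routine validates with
# IsBadReadPtr before its LoadLibraryA/GetProcAddress calls; here the resolver is a
# constructed export table with made-up addresses so the walk runs on any host.
import struct

DESC_SIZE = 0x14               # sizeof(IMAGE_IMPORT_DESCRIPTOR)
ORDINAL_FLAG32 = 0x80000000    # IMAGE_ORDINAL_FLAG32: the thunk imports by ordinal

FAKE_EXPORTS = {               # stand-in for LoadLibraryA + GetProcAddress (constructed)
    ("kernel32.dll", "LoadLibraryA"): 0x7C801D7B,
    ("kernel32.dll", "GetProcAddress"): 0x7C80AE40,
    ("ws2_32.dll", 23): 0x71AB3B91,
    ("ws2_32.dll", "WSAIoctl"): 0x71AB5DE0,
}

def fake_resolve(dll, sym):
    return FAKE_EXPORTS.get((dll, sym), 0)   # 0 stands for a NULL from GetProcAddress

def readable(img, rva, size):
    """Stand-in for IsBadReadPtr(p, size): the range must lie inside the mapped image."""
    return 0 <= rva and rva + size <= len(img)

def u32(img, rva):
    return struct.unpack_from("<I", img, rva)[0]

def cstr(img, rva):
    return bytes(img[rva:img.index(b"\0", rva)]).decode("ascii")

def walk_imports(img, import_dir_rva, resolve=fake_resolve):
    """Resolve every import and patch the IAT in place.

    Returns {(dll, name_or_ordinal): (iat_rva, address)}; stops at the all-zero
    terminator or at the first descriptor/thunk that is not fully readable.
    """
    resolved, off = {}, import_dir_rva
    while readable(img, off, DESC_SIZE):
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<5I", img, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break
        if not readable(img, name_rva, 1) or not readable(img, ft, 4):
            break
        dll = cstr(img, name_rva).lower()
        lookup, i = oft or ft, 0          # OriginalFirstThunk may be 0; fall back to the IAT
        while readable(img, lookup + 4 * i, 4) and u32(img, lookup + 4 * i):
            entry = u32(img, lookup + 4 * i)
            if entry & ORDINAL_FLAG32:
                sym = entry & 0xFFFF
            else:
                sym = cstr(img, entry + 2)  # IMAGE_IMPORT_BY_NAME: u16 Hint, then the name
            addr = resolve(dll, sym)
            struct.pack_into("<I", img, ft + 4 * i, addr)
            resolved[(dll, sym)] = (ft + 4 * i, addr)
            i += 1
        off += DESC_SIZE
    return resolved

def build_image():
    """Constructed 4 KiB flat image: descriptors at 0x100, strings at 0x200, INTs at 0x300, IATs at 0x400."""
    img = bytearray(0x1000)
    def put(rva, blob):
        img[rva:rva + len(blob)] = blob
    put(0x200, b"kernel32.dll\0")
    put(0x210, b"ws2_32.dll\0")
    put(0x220, struct.pack("<H", 0) + b"LoadLibraryA\0")
    put(0x240, struct.pack("<H", 0) + b"GetProcAddress\0")
    put(0x260, struct.pack("<H", 0) + b"WSAIoctl\0")
    put(0x300, struct.pack("<3I", 0x220, 0x240, 0))                 # kernel32 INT
    put(0x310, struct.pack("<3I", ORDINAL_FLAG32 | 23, 0x260, 0))   # ws2_32 INT
    put(0x400, struct.pack("<3I", 0x220, 0x240, 0))                 # kernel32 IAT, unpatched
    put(0x410, struct.pack("<3I", ORDINAL_FLAG32 | 23, 0x260, 0))   # ws2_32 IAT, unpatched
    put(0x100, struct.pack("<5I", 0x300, 0, 0, 0x200, 0x400)
             + struct.pack("<5I", 0x310, 0, 0, 0x210, 0x410)
             + bytes(DESC_SIZE))                                    # all-zero terminator
    return img

if __name__ == "__main__":
    image = build_image()
    for (dll, sym), (iat, addr) in walk_imports(image, 0x100).items():
        print(f"{dll:<13} {str(sym):<15} IAT@{iat:#06x} -> {addr:#010x}")
```

The bounds check before each descriptor and each thunk is the part that matters for the trace above: a loader walking attacker-supplied or partially copied image data has to stop at the first unreadable 20-byte descriptor rather than trust the terminator, which is what the two IsBadReadPtr(?, 0x14) calls do.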

      APIs
      • socket.WS2_32(00000002,00000002,00000011), ref: 03005363
      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 0300539C
      • WSACreateEvent.WS2_32 ref: 030053CE
      • gethostbyname.WS2_32(?), ref: 030053D8
      • htons.WS2_32(?), ref: 030053F1
      • WSAEventSelect.WS2_32(?,?,00000030), ref: 0300540F
      • connect.WS2_32(?,?,00000010), ref: 03005424
      • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 03005433
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
      • String ID:
      • API String ID: 603330298-0
      • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction ID: 9980199d6e0120397446fa87a0b5bfe1fda7a1d559922715bb99b97c566d4bee
      • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction Fuzzy Hash: FA314CB5A00319AFE714DFA4CC85EBFB7B8FB49714F104A19F622972D0DA74DA108B50
      Uniqueness

      Uniqueness Score: -1.00%
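Two of the routines above reward decoding their constants. In the 0300FA94 subcall under the OutputDebugStringA function, OpenProcess with 0x401 is PROCESS_TERMINATE | PROCESS_QUERY_INFORMATION, OpenProcessToken with 0xF01FF is TOKEN_ALL_ACCESS, the 0x19 passed to SetTokenInformation is the TokenIntegrityLevel class, 0x12 in PostThreadMessageA is WM_QUIT, and the function's strings (2345SafeTray.exe, 360Tray.exe, HipsTray.exe, QQPCTray.exe, kxetray.exe) are tray processes of Chinese AV products, consistent with the report's "AV process strings found" signature. In the socket routine directly above, socket(2, 2, 0x11) is AF_INET / SOCK_DGRAM / IPPROTO_UDP, the WSAIoctl code 0x9800000C is SIO_UDP_CONNRESET, the 0x30 passed to WSAEventSelect is FD_CONNECT | FD_CLOSE, and the 0x10 length in connect is sizeof(sockaddr_in). The script below is an added example, not part of the report or of the sample: it parses the report's own "APIs" bullet lines, annotates those constants, and flags the two behaviours when their calls occur in order. The sample lines are copied from the report and the process-name list is the report's String ID field split on "$".

```python
# Added example, not part of the Joe Sandbox report: it parses the bullet lines the
# report prints under "APIs", decodes the argument constants an analyst would otherwise
# look up by hand, and flags two behaviours visible in this report. Sample lines are
# copied from the report; the string list uses the "$" separator of its "String ID" field.
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[^.\s]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")

@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int                  # call-site address
    subcall: Optional[str]    # callee address on "Part of subcall function" lines

def parse_trace(text):
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw is not None else []
            calls.append(Call(m.group("api"), m.group("mod"), args,
                              int(m.group("ref"), 16), m.group("sub")))
    return calls

def arg_int(a):
    try:
        return int(a, 16)     # "?" (unresolved) and symbolic arguments give None
    except ValueError:
        return None

PROCESS_RIGHTS = {0x1: "PROCESS_TERMINATE", 0x400: "PROCESS_QUERY_INFORMATION"}
FD_EVENTS = {0x1: "FD_READ", 0x2: "FD_WRITE", 0x10: "FD_CONNECT", 0x20: "FD_CLOSE"}

def flags(value, table):
    names = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    return "|".join(names + ([hex(rest)] if rest else [])) or "0"

def decode(c):
    """Meaning of the constants these traces pass; None when nothing is worth annotating."""
    a = [arg_int(x) for x in c.args]
    if c.api == "OpenProcess" and a and a[0] is not None:
        return "access=" + flags(a[0], PROCESS_RIGHTS)
    if c.api == "OpenProcessToken" and len(a) > 1 and a[1] == 0xF01FF:
        return "TOKEN_ALL_ACCESS"
    if c.api == "SetTokenInformation" and len(a) > 1 and a[1] == 25:
        return "TokenIntegrityLevel"
    if c.api == "socket" and a[:3] == [2, 2, 17]:
        return "AF_INET, SOCK_DGRAM, IPPROTO_UDP"
    if c.api == "WSAIoctl" and len(a) > 1 and a[1] == 0x9800000C:
        return "SIO_UDP_CONNRESET"
    if c.api == "WSAEventSelect" and len(a) > 2 and a[2] is not None:
        return flags(a[2], FD_EVENTS)
    return None

AV_TRAY = {"2345safetray.exe", "360tray.exe", "hipstray.exe", "qqpctray.exe", "kxetray.exe"}
TOKEN_KILL = ["OpenProcess", "OpenProcessToken", "SetTokenInformation", "TerminateProcess"]
UDP_SETUP = ["socket", "WSAIoctl", "WSAEventSelect", "connect"]

def in_order(calls, wanted):
    """True when `wanted` is a subsequence of the call list (other calls may sit between)."""
    it = iter(c.api for c in calls)
    return all(any(api == w for api in it) for w in wanted)

def analyse(text, string_ids=""):
    calls = parse_trace(text)
    findings = []
    if in_order(calls, TOKEN_KILL):
        findings.append("token integrity tampering followed by TerminateProcess")
    hits = sorted(s for s in string_ids.split("$") if s.lower() in AV_TRAY)
    if hits:
        findings.append("AV tray process names: " + ", ".join(hits))
    if in_order(calls, UDP_SETUP):
        findings.append("event-driven UDP connect")
    return calls, findings

# Sample input copied from the report (subcall 0300FA94 and the socket routine at 03005363).
KILLER = """
  • Part of subcall function 0300FA94: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0300FAC1
  • Part of subcall function 0300FA94: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0300FADE
  • Part of subcall function 0300FA94: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0300FEF5
  • Part of subcall function 0300FA94: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0300FF40
"""
KILLER_STRINGS = "2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe"
UDP = """
• socket.WS2_32(00000002,00000002,00000011), ref: 03005363
• WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 0300539C
• WSACreateEvent.WS2_32 ref: 030053CE
• WSAEventSelect.WS2_32(?,?,00000030), ref: 0300540F
• connect.WS2_32(?,?,00000010), ref: 03005424
"""
```

analyse(KILLER, KILLER_STRINGS) returns the parsed calls together with both findings; analyse(UDP) returns only the UDP one, and decode() on each parsed call gives the annotation. The ordering check is deliberately a subsequence match, so the fourteen LookupPrivilegeValueA calls the report shows between OpenProcessToken and SetTokenInformation do not break it, and a call with no argument list (WSACreateEvent above) parses with an empty args list rather than being dropped.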

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 10003F65
      • SetLastError.KERNEL32(0000139F,?,74DEDFA0,10003688), ref: 10004054
        • Part of subcall function 10002BA0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 10002BB6
        • Part of subcall function 10002BA0: SwitchToThread.KERNEL32 ref: 10002BCA
      • send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
      • SetEvent.KERNEL32(?), ref: 10003FE9
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
      • WSACloseEvent.WS2_32(?), ref: 10004003
      • shutdown.WS2_32(?,00000001), ref: 1000401B
      • closesocket.WS2_32(?), ref: 10004025
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
      • String ID:
      • API String ID: 3254528666-0
      • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction ID: 33fc8edb3bfa16432b1da941d8e6096b20875d7008fd88c2fc111e4d4adde92b
      • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction Fuzzy Hash: 392148B56007109BE321DF64C888B5BB7F9FB88791F11891CF28297690CBB9F855CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 03005B69
      • SetLastError.KERNEL32(0000139F,?,100120A0,0300528C), ref: 03005C58
        • Part of subcall function 030047A4: SwitchToThread.KERNEL32 ref: 030047CE
      • send.WS2_32(?,1001242C,00000010,00000000), ref: 03005BCA
      • SetEvent.KERNEL32(?), ref: 03005BED
      • InterlockedExchange.KERNEL32(?,00000000), ref: 03005BF9
      • WSACloseEvent.WS2_32(?), ref: 03005C07
      • shutdown.WS2_32(?,00000001), ref: 03005C1F
      • closesocket.WS2_32(?), ref: 03005C29
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
      • String ID:
      • API String ID: 518013673-0
      • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction ID: e37583e241c706859c049af515e59ce558c0cfc71d37824a5b130be3f323cb41
      • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction Fuzzy Hash: 382135B42017109BE734DF68CD88B9AB7F5BB89710F188918E2928A6D0D7B9E455CF50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004074
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004087
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004090
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004099
        • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100015D0
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040B9
      • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040D4
      • SetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004150
      • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004157
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
      • String ID:
      • API String ID: 2266972149-0
      • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
      • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
      • String ID:
      • API String ID: 432566381-0
      • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
      • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
      • malloc.MSVCR100 ref: 10002350
      • memcpy.MSVCR100 ref: 10002397
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: mallocmemcpyvsprintf
      • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
      • API String ID: 4208594302-868042568
      • Opcode ID: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
      • Opcode Fuzzy Hash: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(883AEF3E,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 100079B6
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,883AEF3E,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,883AEF3E,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
      • String ID:
      • API String ID: 753523128-0
      • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
      • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 03006FB8
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 03006FDD
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 03006FF1
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 0300703C
      • CopyFileA.KERNEL32(?,?,00000000), ref: 03007072
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030070D7
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030070F8
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03007120
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0300713A
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03007147
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      • Opcode ID: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction ID: 5d72f291622df05f09f50c9f23ca589e0881a6c94f30333a53b9696be787a487
      • Opcode Fuzzy Hash: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction Fuzzy Hash: AA516CF190122CAFEB25DB64CCC4AEAB7BDEB48704F0481D9E60997150EA719F94CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: lstrlen
      • String ID: MSIINSTANCEGUID=
      • API String ID: 1659193697-2015669138
      • Opcode ID: 05d9778e5f103c33f48efea24eca323341c29dd24406f4f53eaa8efe6778d33d
      • Instruction ID: a9726a4f521a92a865d65a63eecbb71c1c141e7f2c364504a61463ae022c25ad
      • Opcode Fuzzy Hash: 05d9778e5f103c33f48efea24eca323341c29dd24406f4f53eaa8efe6778d33d
      • Instruction Fuzzy Hash: 68417F31B002149BC710EB74EC59FBA77ABFB48324F14216DEA0AA7251DB75AD41CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleExW.KERNEL32(00000000,Msi.dll,00000000,00000000,?,?,006C3B73), ref: 006C5C06
      • GetProcAddress.KERNEL32(00000000,QueryInstanceCount), ref: 006C5C18
      • FreeLibrary.KERNEL32(00000000,?,?,006C3B73), ref: 006C5C35
      • FreeLibrary.KERNEL32(00000000,?,?,006C3B73), ref: 006C5C42
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: FreeLibrary$AddressHandleModuleProc
      • String ID: Msi.dll$QueryInstanceCount
      • API String ID: 1227796897-1207408768
      • Opcode ID: 59c3bfc6b604cd9fc974d079384f61f0956b9aa2f8747ca64202ffdbf26b349f
      • Instruction ID: 8d32243695646d8bf058743ee3e9de0967d93ee199f48de1014c28fc860bfcee
      • Opcode Fuzzy Hash: 59c3bfc6b604cd9fc974d079384f61f0956b9aa2f8747ca64202ffdbf26b349f
      • Instruction Fuzzy Hash: 39F0BE31A50208FBDB006B61CD0DFFE7AABEF0574AF040038A803E2160DB34DE01AA64
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: lstrlen
      • String ID: PECMS$PackageCode$REINSTALL=ALL REINSTALLMODE=%s$rpoedcamusv
      • API String ID: 1659193697-1647986965
      • Opcode ID: c72bc6bb9714b5f5b55f726647dd3da8a41ec10d485d3f7d8198f25017647db4
      • Instruction ID: 3abb24881a81673c5676c5971d5549541fc7bce2e475e7b6d788237c92038ea3
      • Opcode Fuzzy Hash: c72bc6bb9714b5f5b55f726647dd3da8a41ec10d485d3f7d8198f25017647db4
      • Instruction Fuzzy Hash: DB61F2716047419BD720EA64DC55FFB73EAEB94350F14492EF846C7280EB74EA858682
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,?,?,?,883AEF3E,?,?,10010B78,000000FF), ref: 10004ECA
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,883AEF3E,?,?,10010B78,000000FF), ref: 10004EE2
      • LeaveCriticalSection.KERNEL32(?), ref: 10004EEC
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: 5d7e202c9453111bf760a64193654abb888b24a6dd7784caadbc8dba9623b2f2
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: 0D318EB6A04744ABE710CF94DC86B6AB3E8FB48750F01852AFD16C3784DB36E810CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 03006ACE
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,10016034,?,?,10010B78,000000FF), ref: 03006AE6
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03006AF0
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: bc8fc03179d593518a140733791411f84629c5ba765fecd53e6bc1f1c9646c82
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: 1531BEB6604748ABE720DF94DC85F6AB3E9FB89710F00855AF915C7780D736E860CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
      • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
      • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
      • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
      • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
      • String ID:
      • API String ID: 672040072-0
      • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
      • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
      • _CxxThrowException.MSVCR100 ref: 10009153
      Strings
      • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??0exception@std@@ExceptionThrow
      • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
      • API String ID: 2684170311-3812731148
      • Opcode ID: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction ID: 4ff9fd43ccc38cada941469353b65ddf61956220ecca57f71b677a99dd077398
      • Opcode Fuzzy Hash: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction Fuzzy Hash: 39C19C712082519FEB04CF18C4C4B9A7BE5EF85390F5485A9EC898F24EC775E985CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
      • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
      • HeapFree.KERNEL32(00000000), ref: 100062B5
      • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
      • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
      • HeapFree.KERNEL32(00000000), ref: 100062DB
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: FreeHeap$Process$LibraryVirtual
      • String ID:
      • API String ID: 3521805120-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 4e8ae9d798ed328c3ac5cf3a0713134e707d5c220115033f18ab452dde1a0258
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: E5113070600B11EFE660CFA5CC88F1673EAEB89791F20CA18E15697594C774F851CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004761
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000476C
      • Sleep.KERNEL32(00000258), ref: 10004779
      • CloseHandle.KERNEL32(?), ref: 10004794
      • CloseHandle.KERNEL32(?), ref: 1000479D
      • Sleep.KERNEL32(0000012C), ref: 100047AE
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
      • String ID:
      • API String ID: 1019945655-0
      • Opcode ID: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
      • Instruction ID: ab300de59104cfa3b6c6a7cb3b929f183dbe93be0b3bbffdefcd2026bf0c7e40
      • Opcode Fuzzy Hash: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
      • Instruction Fuzzy Hash: FDF030762046146BD610EBA9CC84D4BF3E9EFD9730B218709F26583294CA70FC018BA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
      • Sleep.KERNEL32(00000258), ref: 1000334E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
      • Sleep.KERNEL32(0000012C), ref: 1000337B
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
      • String ID:
      • API String ID: 3137405945-0
      • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
      • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 006C878A: GlobalAlloc.KERNEL32(00000040,00000000,00000000,00000001,00000000,?,006C5E28,00000100), ref: 006C87A2
        • Part of subcall function 006C878A: GlobalFree.KERNEL32(?), ref: 006C87C0
      • GetModuleFileNameW.KERNEL32(?,00000104,00000104,?,?,00001388,?,006CA2B0,000000A8,006C6E7E,00000000,00000000,?), ref: 006C4457
      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,006CA2B0,000000A8,006C6E7E,00000000,00000000,?), ref: 006C44E0
      • GlobalFree.KERNEL32(?), ref: 006C450F
      • GlobalFree.KERNEL32(?), ref: 006C4590
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Global$Free$Alloc$FileModuleName
      • String ID: %d.%d.%.4d.%d
      • API String ID: 906160587-3399825337
      • Opcode ID: f6cf6a7b4a15666a0153d25a2eff4c9cbbb62f7d6290c6eb36c0342cd14dca23
      • Instruction ID: 22400ca9d80afff729f3973b30fa5cb6f985350db37a5d2b8b81c45c40d22e50
      • Opcode Fuzzy Hash: f6cf6a7b4a15666a0153d25a2eff4c9cbbb62f7d6290c6eb36c0342cd14dca23
      • Instruction Fuzzy Hash: D17148B1A002289FDB20DB64CD55FFEBBBAEF45310F1441AEA949A3291DB315E85CF11
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
      • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,883AEF3E,?,00000000,?,10008EF2), ref: 1000C89C
      • memmove.MSVCR100 ref: 1000C8F5
      • memmove.MSVCR100 ref: 1000C91C
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
      • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
      • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryExA.KERNEL32(?), ref: 006C91E4
      • GetProcAddress.KERNEL32(?,?), ref: 006C924F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressLibraryLoadProc
      • String ID: $
      • API String ID: 2574300362-3993045852
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
      • memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: invalid string position$string too long
      • API String ID: 4248180022-4289949731
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(006CC838,?,?,?,006C3C1E,00000000,00000000), ref: 006C3C31
      • SetServiceStatus.ADVAPI32(006CC850,?,?,?,006C3C1E,00000000,00000000), ref: 006C3CC0
      • GetLastError.KERNEL32(?,?,?,006C3C1E,00000000,00000000), ref: 006C3CCC
      • LeaveCriticalSection.KERNEL32(006CC838,?,?,?,006C3C1E,00000000,00000000), ref: 006C3CDF
      Strings
      • SetServiceStatus failed., xrefs: 006C3CD4
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeaveServiceStatus
      • String ID: SetServiceStatus failed.
      • API String ID: 427148986-1344523210
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(0000000A,?,006C8B8F,?,?), ref: 006C8AE8
      • LoadLibraryW.KERNEL32(COMCTL32,006C8B8F,?,?), ref: 006C8B10
      • GetProcAddress.KERNEL32(?,InitCommonControlsEx), ref: 006C8B2E
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressLibraryLoadProcSleep
      • String ID: COMCTL32$InitCommonControlsEx
      • API String ID: 188063004-472741233
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetVersion.KERNEL32(006C6E67,?), ref: 006C63A0
      • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 006C63B3
      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 006C63C4
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressHandleModuleProcVersion
      • String ID: HeapSetInformation$Kernel32.dll
      • API String ID: 3310240892-3460614246
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
      • String ID:
      • API String ID: 2760534091-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,883AEF3E,?,883AEF3E,10008EF2), ref: 1000A71D
      • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,883AEF3E,?,883AEF3E,10008EF2), ref: 1000A740
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,883AEF3E), ref: 1000A76E
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 551958918-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,883AEF3E,?,883AEF3E,?), ref: 1000CC39
      • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,883AEF3E,?,883AEF3E,?), ref: 1000CC5C
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,10010E09,000000FF,?,1000CA00,?,?,883AEF3E), ref: 1000CC8A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCCF
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCDC
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 551958918-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,883AEF3E,00000000,?,00000000,00000000), ref: 1000D6E8
      • _CxxThrowException.MSVCR100 ref: 1000D6FE
        • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
        • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
        • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
      • memcpy.MSVCR100 ref: 1000D740
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
      • String ID:
      • API String ID: 1366379292-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,883AEF3E,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?,?,10006CA5), ref: 1000C420
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(883AEF3E,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?), ref: 1000C403
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000C435
      • realloc.MSVCR100 ref: 1000C463
      • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000C472
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: D@std@@Incref@facet@locale@std@@Lockit@std@@$??0_??0bad_cast@std@@??1_??2@?tolower@?$ctype@Bid@locale@std@@Decref@facet@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV123@V42@@Vfacet@locale@2@Xmem@tr1@std@@reallocstd::locale::facet::_
      • String ID:
      • API String ID: 1657136341-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 03005C78
        • Part of subcall function 03003094: HeapFree.KERNEL32(?,00000000,?,?,?,03005CB5,?,00000000,03005C3D,?,100120A0,0300528C), ref: 030030B1
      • HeapDestroy.KERNEL32(?,?,00000000,03005C3D,?,100120A0,0300528C), ref: 03005CBD
      • HeapCreate.KERNEL32(?,?,?,?,00000000,03005C3D,?,100120A0,0300528C), ref: 03005CD8
      • SetEvent.KERNEL32(?,?,00000000,03005C3D,?,100120A0,0300528C), ref: 03005D54
      • RtlLeaveCriticalSection.NTDLL(?), ref: 03005D5B
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
      • String ID:
      • API String ID: 563679510-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 1000F4D8
      • GetThreadDesktop.USER32(00000000), ref: 1000F4DF
      • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 1000F50C
      • SetThreadDesktop.USER32(00000000), ref: 1000F51F
      • CloseDesktop.USER32(00000000), ref: 1000F52A
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: DesktopThread$CloseCurrentInformationObjectUser
      • String ID:
      • API String ID: 2068333509-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??2@lstrlenmemset
      • String ID: BITS$SYSTEM\Setup
      • API String ID: 3680187532-3074452007
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 10002C1F
      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10002C35
      • TranslateMessage.USER32(?), ref: 10002C44
      • DispatchMessageA.USER32(?), ref: 10002C4A
      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002C58
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
      • String ID:
      • API String ID: 2015114452-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 006C9E62
      • GetCurrentProcessId.KERNEL32 ref: 006C9E71
      • GetCurrentThreadId.KERNEL32 ref: 006C9E7A
      • GetTickCount.KERNEL32 ref: 006C9E83
      • QueryPerformanceCounter.KERNEL32(?), ref: 006C9E98
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
      • String ID:
      • API String ID: 1445889803-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave
      • String ID:
      • API String ID: 3168844106-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
      • CancelIo.KERNEL32(?), ref: 10002E26
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
      • closesocket.WS2_32(?), ref: 10002E39
      • SetEvent.KERNEL32(00000001), ref: 10002E43
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 03004A20
      • CancelIo.KERNEL32(?), ref: 03004A2A
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 03004A33
      • closesocket.WS2_32(?), ref: 03004A3D
      • SetEvent.KERNEL32(00000001), ref: 03004A47
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction ID: 1fae64a62660026a2d61de9780aaa96fd32318538c0d648289804de32bdb4715
      • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction Fuzzy Hash: DBF04FB6100710EFE320DB94CD89F56B7F8FB49B11F108A59FA9697690C6B4F518CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __IsNonwritableInCurrentImage.LIBCMT ref: 006C9B4E
      • ?terminate@@YAXXZ.MSVCRT ref: 006C9BF7
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: ?terminate@@CurrentImageNonwritable
      • String ID: csm$csm
      • API String ID: 3343398186-3733052814
      • Opcode ID: 098a54fe13ae9807f88e9b53dbdd064feb9543205b36fd253b85ee6de974601b
      • Instruction ID: b00e46bfc108bf5209020f0d3079bd36563c22da6b3cf945051c245d408503da
      • Opcode Fuzzy Hash: 098a54fe13ae9807f88e9b53dbdd064feb9543205b36fd253b85ee6de974601b
      • Instruction Fuzzy Hash: DD514E34A00219ABCF10DF69D888EBFBBA6EF45324F14815DE8199B392D731DD51CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsCharAlphaNumericW.USER32(?,00000000,00000104,00000000,?,?,?,?,?,006C6B65,?,?,?), ref: 006C614F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AlphaCharNumeric
      • String ID: "$Property value is too long.$ekl
      • API String ID: 1535711457-2950870291
      • Opcode ID: 078bda8ce2bc40a3768fea7cecd0f1342aca179e71a2bffd306cd9170c734210
      • Instruction ID: 984ff7cddad0008e5bfc54a697038d059a154257bda7b62e82caa52b7293d6c4
      • Opcode Fuzzy Hash: 078bda8ce2bc40a3768fea7cecd0f1342aca179e71a2bffd306cd9170c734210
      • Instruction Fuzzy Hash: 3141C475A001219ACB24EF69C454BBAB3F3EBA8711B64842DF8C5E7384F638DE42C354
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryW.KERNEL32(Msi.dll), ref: 006C3D10
      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006C3D29
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressLibraryLoadProc
      • String ID: DllGetClassObject$Msi.dll
      • API String ID: 2574300362-3279299384
      • Opcode ID: e8a968ece739556cd9861de02389def39cc6b548fa8f910b6770c04a4280f1c4
      • Instruction ID: c35e475bbb496ce6bd2360698a57bd7d498de71c734bced430a5c13becc58d73
      • Opcode Fuzzy Hash: e8a968ece739556cd9861de02389def39cc6b548fa8f910b6770c04a4280f1c4
      • Instruction Fuzzy Hash: A7312D71A10224AFCB04DB69DC58E7EBBBAEF497607154069E80AE3360DB71EE019B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryW.KERNEL32(Msi.dll,00000000,00000000,?,?,?,006C76B2), ref: 006C3E19
      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006C3E2E
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressLibraryLoadProc
      • String ID: DllGetClassObject$Msi.dll
      • API String ID: 2574300362-3279299384
      • Opcode ID: 1f736dacbeccc47e60c5c41c689cb2b81fda250650d9a0909c9d370c110a8f48
      • Instruction ID: e0a7af69ab5033e2e5dce465472ae9745e609abe3273b18cea0d4f8da6a6b56a
      • Opcode Fuzzy Hash: 1f736dacbeccc47e60c5c41c689cb2b81fda250650d9a0909c9d370c110a8f48
      • Instruction Fuzzy Hash: 46118271A10625AFD700DB94CC58FBAB7AEEB08755F00406EF805E3350DB35EE008B60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(0000000A), ref: 006C8A77
      • LoadLibraryW.KERNEL32(COMCTL32), ref: 006C8AA1
      • GetProcAddress.KERNEL32(?), ref: 006C8AC1
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressLibraryLoadProcSleep
      • String ID: COMCTL32
      • API String ID: 188063004-3719691325
      • Opcode ID: 843743f46c7eca0f96dcbf01809533f1cb807cd0cdc6b969aa26cf3783dffff1
      • Instruction ID: d9913f636c966489ac8a475cf139fb8a629259848c45952a9d02a934bb853931
      • Opcode Fuzzy Hash: 843743f46c7eca0f96dcbf01809533f1cb807cd0cdc6b969aa26cf3783dffff1
      • Instruction Fuzzy Hash: A2019E32604251AFD729AB799C19F763BABEB85360B08043EE806C7250EE61EC00C7A0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,?,1000DE2D,?), ref: 10006383
      • memmove.MSVCR100 ref: 100063AF
      • ??3@YAXPAX@Z.MSVCR100 ref: 100063C7
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@Xlength_error@std@@memmove
      • String ID: vector<T> too long
      • API String ID: 1993728168-3788999226
      • Opcode ID: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
      • Instruction ID: 666fb908681a4cb4fcb84fde5cab495aadc7bf52184e8f2216cd687e136a9d11
      • Opcode Fuzzy Hash: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
      • Instruction Fuzzy Hash: 2401D4B16002059FE718CF68CCD982AB7E9EB18240724462DE847C3344E730F950CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: memcpy
      • String ID:
      • API String ID: 3510742995-0
      • Opcode ID: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
      • Instruction ID: 61b773e0558493be9a29dabd4f951307aa74c3da6f26a6b18387d70fbbbfb126
      • Opcode Fuzzy Hash: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
      • Instruction Fuzzy Hash: E2613B75A01606EFEB48CF69C580AD9B7E5FF48390F50866EE85AC7744EB70E944CB80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetProcessHeap.KERNEL32(00000000,?,00000000,03007D2E), ref: 03007EB2
      • HeapFree.KERNEL32(00000000), ref: 03007EB9
      • VirtualFree.KERNEL32(?,00000000,00008000,03007D2E), ref: 03007ECF
      • GetProcessHeap.KERNEL32(00000000,00000000,03007D2E), ref: 03007ED8
      • HeapFree.KERNEL32(00000000), ref: 03007EDF
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: Heap$Free$Process$Virtual
      • String ID:
      • API String ID: 1594822054-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 2115c73f5f30df007ee6ef28b39a4f1a55a59b94fbd11c75d94edc5693458388
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: 33111871202650EBE671CF65CC88B17B7E9AB89B11F148A18E25A865E0C778F851CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,0300F683), ref: 03010CF7
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,0300F683), ref: 03010D96
        • Part of subcall function 03003164: RtlDeleteCriticalSection.NTDLL(00000000), ref: 03003185
      • InterlockedExchange.KERNEL32(?,00000000), ref: 03010F24
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,0300F683), ref: 03010F2A
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
      • String ID:
      • API String ID: 106064292-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: 308f9872ba687d5a698029f88e25c1ff1bd169153d2ebb489cb8cb1cbc252a37
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: 2081D7B0A01A46BFE344DF7AC8847D6FBA8FB09304F50822EE12D87640D775A964CF90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,883AEF3E,00000000,00000000,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
        • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
      • String ID:
      • API String ID: 2358051495-0
      • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
      • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A40D
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A457
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A4A7
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A4EE
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,883AEF3E,00000000,00000000,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
        • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
      • String ID:
      • API String ID: 2358051495-0
      • Opcode ID: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
      • Instruction ID: 064e6777206eaa59b6d0f19c807af86857d994d2322ab606cc61307b9a3a3038
      • Opcode Fuzzy Hash: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
      • Instruction Fuzzy Hash: CC616274E002899FEF04DFA8C8947DDBBB1FF4A394F108269E815AB345D770A985CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: memcpy
      • String ID: `
      • API String ID: 3510742995-2679148245
      • Opcode ID: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
      • Instruction ID: c24da7249b548aaf2b14c7c6060632b893dbd9eb309b44a3be494d28480dc5aa
      • Opcode Fuzzy Hash: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
      • Instruction Fuzzy Hash: FC51D672B00225AFCB24CFA8C981ABAB7B2FF48310B15455DF914EB380E771AE41C794
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • lstrcmpW.KERNEL32(?,006C13CC,?,mewuifsoarpcvxgh!), ref: 006C4A83
      • lstrcmpW.KERNEL32(?,006C13D0,?,mewuifsoarpcvxgh!), ref: 006C4A93
      • lstrcmpW.KERNEL32(?,006C13D8,?,mewuifsoarpcvxgh!), ref: 006C4AA3
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: lstrcmp
      • String ID: mewuifsoarpcvxgh!
      • API String ID: 1534048567-2729521250
      • Opcode ID: be21fc163dafdd08043bfcd6c74afbb4493a5009df899c81824b00f5a201375d
      • Instruction ID: 68df75e551d2da2870047ec59ee49923fdd83628338176002a195707e2fc95f5
      • Opcode Fuzzy Hash: be21fc163dafdd08043bfcd6c74afbb4493a5009df899c81824b00f5a201375d
      • Instruction Fuzzy Hash: 4641CF32A90215AADB20DBA5E8A4FFEB7B6EF45714F04402EE905E7294EB708D81C754
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction ID: 80ecbb37148079e7fb656f75525e8e6a17d8d6c7fe428b51743fab1656ffb19d
      • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction Fuzzy Hash: 223193B5601304ABE760DF68CC81F7A77E9EF89B10F144599FA08DB281E6B5E901CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,006CA2B0,000000A8,006C6E7E,00000000,00000000,?), ref: 006C44E0
      • GlobalFree.KERNEL32(?), ref: 006C450F
      • GlobalFree.KERNEL32(?), ref: 006C4590
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Global$Free$Alloc
      • String ID: %d.%d.%.4d.%d
      • API String ID: 1780285237-3399825337
      • Opcode ID: 9d418fb2bc5111f699a29120f7df5220969d5bd3e182db87421af4728d9fb4e3
      • Instruction ID: 2fa54ed015688e144558ec517c8dfcae7b25cc52470d0c9227022b35c8a29004
      • Opcode Fuzzy Hash: 9d418fb2bc5111f699a29120f7df5220969d5bd3e182db87421af4728d9fb4e3
      • Instruction Fuzzy Hash: 10413B71A002289FDB20DB65CD55FBEBBBAFB44310F2041ADE509A3291DB319E95CF50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0300F94E
      • Thread32First.KERNEL32(00000000,?), ref: 0300F965
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 0300FA46
      • CloseHandle.KERNEL32(00000000), ref: 0300FA55
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0300FAC1
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0300FADE
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0300FB9D
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0300FBDC
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0300FC1B
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0300FC5A
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0300FC99
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0300FCD8
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0300FD17
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0300FD56
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0300FD95
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0300FDD4
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0300FE13
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0300FE52
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0300FE91
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0300FEE1
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0300FEF5
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0300FF23
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0300FF40
      • CloseHandle.KERNEL32(?), ref: 0300FF5E
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0300FF79
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
      • String ID:
      • API String ID: 1747700738-0
      • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction ID: fb07f82857e27c3997502b9e70f00ced155907d0b3de94810f1faec9b1d08d41
      • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction Fuzzy Hash: F8318B71A01206EFEB24CF74C9849AEB7F9FB48715F14862EE956D7680D770A940CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM ref: 03006052
      • InterlockedExchange.KERNEL32(?,00000000), ref: 03006061
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 030060AF
        • Part of subcall function 03005B64: GetCurrentThreadId.KERNEL32 ref: 03005B69
        • Part of subcall function 03005B64: send.WS2_32(?,1001242C,00000010,00000000), ref: 03005BCA
        • Part of subcall function 03005B64: SetEvent.KERNEL32(?), ref: 03005BED
        • Part of subcall function 03005B64: InterlockedExchange.KERNEL32(?,00000000), ref: 03005BF9
        • Part of subcall function 03005B64: WSACloseEvent.WS2_32(?), ref: 03005C07
        • Part of subcall function 03005B64: shutdown.WS2_32(?,00000001), ref: 03005C1F
        • Part of subcall function 03005B64: closesocket.WS2_32(?), ref: 03005C29
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 4080316033-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: 8a4a6d89a2c1d32d1c6c7196a9ccc88d760973a39f2b1951fbec120f8a8aa933
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: 42318FB6600714ABD620EF69DC84B97B3E9FF89710F004A0EE58AC7690D672F414CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(883AEF3E,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(6CFC0A41,883AEF3E,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
      • realloc.MSVCR100 ref: 1000ADA8
      • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
      • String ID:
      • API String ID: 614970593-0
      • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
      • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(883AEF3E,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7BA
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(0000005E,883AEF3E,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7D5
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C80F
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,?,1000BED7,?,10012890,00000000,0000005E,?,?,?), ref: 1000C82A
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,883AEF3E,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,883AEF3E,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 2639648381-0
      • Opcode ID: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
      • Instruction ID: 0dae501bc556696bb7c4d7e10b9c2053542ed37b5a19796234fa89d0372f365e
      • Opcode Fuzzy Hash: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
      • Instruction Fuzzy Hash: 773141B560160AAFEB04DF64C894B6EB7B5FF49750F00C25DE92997394DB34E900CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F), ref: 100043EC
        • Part of subcall function 100012C0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 100012EB
        • Part of subcall function 10001280: memcpy.MSVCR100 ref: 100012A1
        • Part of subcall function 100041E0: EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CF0017C,10004C5B,?), ref: 100041E8
        • Part of subcall function 100041E0: LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
        • Part of subcall function 10004A70: HeapFree.KERNEL32(?,00000000,?,00000000,10004C5B,?,100042C8,10004C5B,00000000,?,6CF0017C,10004C5B,?), ref: 10004A97
      • SetLastError.KERNEL32(00000000,?), ref: 100043D7
      • SetLastError.KERNEL32(00000057), ref: 10004401
      • WSAGetLastError.WS2_32(?), ref: 10004410
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeavememcpy
      • String ID:
      • API String ID: 993608311-0
      • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction ID: c83054a75a0c69128b26031afe2b7a8ad0b6ec7a765fcb7c10a623894899581c
      • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction Fuzzy Hash: 44110676A0512C9BEB00DF69E8846DEB7E8EF882B2B4141B6FC0CD3205DB31DD1186D4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F), ref: 03005FF0
        • Part of subcall function 03002EC4: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 03002EEF
        • Part of subcall function 03005DE4: RtlEnterCriticalSection.NTDLL(030069BF), ref: 03005DEC
        • Part of subcall function 03005DE4: RtlLeaveCriticalSection.NTDLL(030069BF), ref: 03005DFA
        • Part of subcall function 03006674: HeapFree.KERNEL32(?,00000000,?,00000000,0300685F,?,03005ECC,0300685F,00000000,?,100122A8,0300685F,?), ref: 0300669B
      • SetLastError.KERNEL32(00000000,?), ref: 03005FDB
      • SetLastError.KERNEL32(00000057), ref: 03006005
      • WSAGetLastError.WS2_32(?), ref: 03006014
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
      • String ID:
      • API String ID: 2160363220-0
      • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction ID: 1b2ba286e316d3c071c67d736ac4eeaac25b00b3f927147eab88b294b510a8a0
      • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction Fuzzy Hash: 2111CA36A0622C9BEB10EF69EC846DEB7E9EF89221F4845A6FC0CD7240D635CD1187D0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAEventSelect.WS2_32(10003ABB,00000001,00000023), ref: 10003C02
      • WSAGetLastError.WS2_32 ref: 10003C0D
      • send.WS2_32(00000001,00000000,00000000,00000000), ref: 10003C58
      • WSAGetLastError.WS2_32 ref: 10003C63
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ErrorLast$EventSelectsend
      • String ID:
      • API String ID: 259408233-0
      • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction ID: 1e34e906bf1f561d7e2ad43756d4eb31c95bef378edec9e2eb53c750d2609e08
      • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction Fuzzy Hash: E7113AB6600B509BE320CB79D8C8A47B7E9FB88750F018A2DF9A6C3695D735E9008B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAEventSelect.WS2_32(030056BF,00000001,00000023), ref: 03005806
      • WSAGetLastError.WS2_32 ref: 03005811
      • send.WS2_32(00000001,00000000,00000000,00000000), ref: 0300585C
      • WSAGetLastError.WS2_32 ref: 03005867
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: ErrorLast$EventSelectsend
      • String ID:
      • API String ID: 259408233-0
      • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction ID: 73dae3a5d4df66871220d74b300f7320f0bb5a70b14ae05cf34d584015d483cb
      • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction Fuzzy Hash: 44115EB56057009BE760DF79CCC8A97B6E9FB89710F104A1DE966C7690D735E510CF10
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,883AEF3E,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,883AEF3E,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
      • String ID:
      • API String ID: 3901553425-0
      • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
      • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CF0017C,10004C5B,?), ref: 100041E8
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
      • SetEvent.KERNEL32(207E8915), ref: 10004272
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(030069BF), ref: 03005DEC
      • RtlLeaveCriticalSection.NTDLL(030069BF), ref: 03005DFA
      • RtlLeaveCriticalSection.NTDLL(030069BF), ref: 03005E5B
      • SetEvent.KERNEL32(207E8915), ref: 03005E76
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 409f060602d093fe7c69cd9e1909982aa34332135f7317219c0da84dcad25cf6
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 5511B3B1605B04ABE758CF79C984A96B7E9BF5D300F14C86DE59E87251EB30E811CF40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
      • InterlockedIncrement.KERNEL32(?), ref: 100049A4
      • InterlockedIncrement.KERNEL32(?), ref: 100049B1
      • timeGetTime.WINMM(?,00000001,?,10003C4F,?,?,00000001), ref: 100049C8
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: IncrementInterlockedTimetime
      • String ID:
      • API String ID: 159728177-0
      • Opcode ID: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
      • Opcode Fuzzy Hash: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CloseSleep
      • String ID:
      • API String ID: 2834455192-0
      • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction ID: 3c804ca82af5424d6565225709c8b10ca46401b74e36ff2941347c44cc310e8e
      • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction Fuzzy Hash: 150181B1645311FBF254EBA8CC89E6B77ACEB89304F008508F785961A1DB74E864CB62
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
      • free.MSVCR100(?), ref: 100036DC
      • malloc.MSVCR100 ref: 10003718
      • memset.MSVCR100 ref: 10003727
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CreateTimerWaitablefreemallocmemset
      • String ID:
      • API String ID: 3069344516-0
      • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
      • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
      • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
      • free.MSVCR100(?), ref: 1000EEB5
      • HeapDestroy.KERNEL32(?), ref: 1000EEE3
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Heap$Destroyfree$CreateFree
      • String ID:
      • API String ID: 3907340440-0
      • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
      • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
      • _beginthreadex.MSVCR100 ref: 1000F46F
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
      • CloseHandle.KERNEL32(?), ref: 1000F48A
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
      • String ID:
      • API String ID: 92035984-0
      • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
      • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 006C9C98: GetModuleHandleW.KERNEL32(00000000), ref: 006C9C9F
      • __set_app_type.MSVCRT ref: 006C9292
      • __p__fmode.MSVCRT ref: 006C92A8
      • __p__commode.MSVCRT ref: 006C92B6
      • __setusermatherr.MSVCRT ref: 006C92D7
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
      • String ID:
      • API String ID: 1632413811-0
      • Opcode ID: 911d55ff7b575b937c38b36d23d914b355fb320a3ecb81a7198a50692f5751da
      • Instruction ID: ebb68ed249780fc6b14b4fb7075cfaa41f2a5b466b9d90ca3ef8e0b1e5af0e8f
      • Opcode Fuzzy Hash: 911d55ff7b575b937c38b36d23d914b355fb320a3ecb81a7198a50692f5751da
      • Instruction Fuzzy Hash: 4EF0F270504300DFC358AB30AC1EE383BA3FB05331B11A62EE46A962E0CB3A8081CA64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • StgOpenStorage.OLE32(?,00000000,00000020,00000000,00000000,?), ref: 006C3F75
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: OpenStorage
      • String ID: &
      • API String ID: 222319337-1010288
      • Opcode ID: b78a8f99ba7001a05168117be385a55be12a9dce01bd1f0d811d3f2c8c25fef3
      • Instruction ID: 806dc02b3d5b806ebad180ef6cc89f0683e5bd7df1c7d035f8d182335758e3ef
      • Opcode Fuzzy Hash: b78a8f99ba7001a05168117be385a55be12a9dce01bd1f0d811d3f2c8c25fef3
      • Instruction Fuzzy Hash: 1291F670A10218AFDB14DBA4DD98FBEB7BAFB14315B04452DF556E7690DB20AD44CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
      • memcpy.MSVCR100 ref: 1000D514
        • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: string too long
      • API String ID: 4248180022-2556327735
      • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
      • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
      • memcpy.MSVCR100 ref: 1000D8B2
        • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
      • String ID: string too long
      • API String ID: 433638341-2556327735
      • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
      • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,883AEF3E,15555555,?,?,?,00000000), ref: 10008C1D
      • ??3@YAXPAX@Z.MSVCR100 ref: 10008C78
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: ??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2313657577-3788999226
      • Opcode ID: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
      • Instruction ID: fb7adf7a1d09ac6a26db31f93637622f031e953306e888bd675b0b75f72f74ca
      • Opcode Fuzzy Hash: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
      • Instruction Fuzzy Hash: A4218EB6A00606AFD704DF5CC980E9AB7F4FB88350F518629E9159B384DB30AA14CBD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • Part of subcall function 1000D7C0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1000D897,00000000,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D7CA
      • memcpy.MSVCR100 ref: 1000D433
      Strings
      • invalid string position, xrefs: 1000D3D2
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: invalid string position
      • API String ID: 4248180022-1799206989
      • Opcode ID: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
      • Instruction ID: 52917fc2c828b592c0c48c691309feb71193cfbfd6d654fc01bcf82dc82b710e
      • Opcode Fuzzy Hash: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
      • Instruction Fuzzy Hash: B311CE363002119BE714EE6CE8C0AADB7A6FB942A0B54022FF545CB645D771F994C7F1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • gethostname.WS2_32(?,00000100), ref: 0300813C
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 144339138-2058306683
      • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction ID: 2a821041ca18754106dcfc80827422dcc27c42e4019f8817963e5a10e05b7a32
      • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction Fuzzy Hash: 4211B9B0A422659BE715EF18CC81BED77B9EF59300F0480A5E708AA290D770DA96CF55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,883AEF3E), ref: 1000D2C8
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xlength_error@std@@
      • String ID: string too long
      • API String ID: 1004598685-2556327735
      • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
      • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(0000000A), ref: 006C8D70
      • GetProcAddress.KERNEL32(?), ref: 006C8DB9
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressProcSleep
      • String ID: KERNEL32
      • API String ID: 1175476452-1217789123
      • Opcode ID: dd0f2a9276a0eb1a70412da3d2d1888782cbc668638d608628136b7f916e342d
      • Instruction ID: a7af7d70c16790b8a2a70a2d21b9fdd4befc9847ea6e5c7f651928e762d409c5
      • Opcode Fuzzy Hash: dd0f2a9276a0eb1a70412da3d2d1888782cbc668638d608628136b7f916e342d
      • Instruction Fuzzy Hash: B2018C316042509FDB299B299829FB63A9BEF92324F08043ED84BC7290DB60EC018790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(0000000A), ref: 006C8C1F
      • GetProcAddress.KERNEL32(?), ref: 006C8C68
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressProcSleep
      • String ID: VERSION
      • API String ID: 1175476452-2153328089
      • Opcode ID: c31c26b76b4c5dd99770e38f73e11352900a8b220a5d081c39c53bb61e1ee110
      • Instruction ID: a532eca5c33e3e8232fac9c0fae96f71509755d6e83f8bff63a3096bce78e1ce
      • Opcode Fuzzy Hash: c31c26b76b4c5dd99770e38f73e11352900a8b220a5d081c39c53bb61e1ee110
      • Instruction Fuzzy Hash: 2901B1717052109FDB298B399C29FB67AABDF81360F04043ED846D7250EE60DC41C7A0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(0000000A), ref: 006C88D6
      • GetProcAddress.KERNEL32(?), ref: 006C891F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: AddressProcSleep
      • String ID: OLE32
      • API String ID: 1175476452-2276369563
      • Opcode ID: 6848d791703502afb0758c60b953cddde854e2052adb202811af9c3fa8b396d4
      • Instruction ID: cdd94084e200ceb7118990b0e5f5e117e125dabdb388a9f012ce3d9553b90072
      • Opcode Fuzzy Hash: 6848d791703502afb0758c60b953cddde854e2052adb202811af9c3fa8b396d4
      • Instruction Fuzzy Hash: 8A017172705251AFDB29AB399C1AF763AABEB86321F04147ED846C7350EE70EC01C761
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,?,1000D3F8,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D34F
      • memmove.MSVCR100 ref: 1000D386
      Strings
      • invalid string position, xrefs: 1000D34A
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: Xout_of_range@std@@memmove
      • String ID: invalid string position
      • API String ID: 1894236298-1799206989
      • Opcode ID: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
      • Instruction ID: 7c4033c306467bb4ef33dfaef203c6491ed6da220de6590d554043c3ccb312a9
      • Opcode Fuzzy Hash: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
      • Instruction Fuzzy Hash: 8F0171B13046008BE721DA6CEC8861EB7E6EBC1680B254A1DE182C764DD671DD828762
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 10005B4A
      • RegCloseKey.ADVAPI32(?), ref: 10005B54
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: dcad731e8835d6dae927973394ebae374a698fdf24b40fc78b981aaf5b05d5c2
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: A3E0C2B4600254FFE315CF648C9DFBA7B6ADB89301F108380FD459B244CA32DA15C790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 10005B9A
      • RegCloseKey.ADVAPI32(?), ref: 10005BA4
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: BITS
      • API String ID: 3132538880-1135043067
      • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction ID: 335dbc8b6873fe5d047cc230d3b8783f13d6a85026f1eab1c6dcc6bab130e0b3
      • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction Fuzzy Hash: FDE0C2B4600254FFE311CB648C9DFBB7B6ADB89302F108280FC459B255CA32DA11CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 0300774E
      • RegCloseKey.ADVAPI32(?), ref: 03007758
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: 364dca3ea723c857e4ed02656267ca58f1f8051d2248e267b1d786aa95704a42
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: 35E0C2B4600214FFE725CF648C9CFBA7B7ADB89701F108280FD459B240CA31DA25D790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 0300779E
      • RegCloseKey.ADVAPI32(?), ref: 030077A8
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2459053117.0000000003000000.00000040.00000400.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_3000000_msiexec.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: BITS
      • API String ID: 3132538880-1135043067
      • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction ID: 29eb2594826f688405bf5cde6628c9153a160535c7bc155c62af6723e16dd5f0
      • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction Fuzzy Hash: 83E08CB4640214ABE721CB608C9CFBA7B6ADB89701F108280FC459B251DA31DA20CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZl,?,006C5A48,?,?,?), ref: 006C2F8B
      Strings
      • Software\Policies\Microsoft\Windows\Installer, xrefs: 006C2F85
      • HZl, xrefs: 006C2F7F
      Memory Dump Source
      • Source File: 00000001.00000002.2458942884.00000000006C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006C0000, based on PE: true
      • Associated: 00000001.00000002.2458926926.00000000006C0000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CD000.00000002.00000001.01000000.00000005.sdmp
      • Associated: 00000001.00000002.2458957548.00000000006CF000.00000002.00000001.01000000.00000005.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_6c0000_msiexec.jbxd
      Similarity
      • API ID: Open
      • String ID: HZl$Software\Policies\Microsoft\Windows\Installer
      • API String ID: 71445658-3855860779
      • Opcode ID: 5fee3a30dcfa795f17f872a8750d40d1dad8b9ba5d5e1cc2f4eec08198442827
      • Instruction ID: 19299b392f5a43dc6ef8a4d2c964a67ce7d566aea804ef8e136f86c943fb6808
      • Opcode Fuzzy Hash: 5fee3a30dcfa795f17f872a8750d40d1dad8b9ba5d5e1cc2f4eec08198442827
      • Instruction Fuzzy Hash: D0D0A77154438C7FF7115754AC1DFB27E6FD380728F04005CFA1C51166C5649C60C350
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
      • memset.MSVCR100 ref: 10005D11
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
      • memcpy.MSVCR100 ref: 10005D39
      Memory Dump Source
      • Source File: 00000001.00000002.2459789621.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000001.00000002.2459772663.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459806807.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459820731.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000001.00000002.2459838180.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
      Similarity
      • API ID: AllocVirtual$memcpymemset
      • String ID:
      • API String ID: 2542864682-0
      • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
      • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: MetricsSystem$#2379#470#755ClientDrawIconIconicMessageRectSend
      • String ID:
      • API String ID: 1397574227-0
      • Opcode ID: ba6df198c9fee10706e9f92bd5aec66db6e2c29323b93016af3720700b76ce6b
      • Instruction ID: 89e8adb469d91a838e668cb5929babd5a6835129643cd87033e24c9b0d28c74b
      • Opcode Fuzzy Hash: ba6df198c9fee10706e9f92bd5aec66db6e2c29323b93016af3720700b76ce6b
      • Instruction Fuzzy Hash: 46117F712142055FC614DF38DD49D6BBBEDFBC8305F084A2DB585D3290DA78E905CB55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #3097.MFC42(000003E8,004054D4), ref: 00401B9E
      • #3097.MFC42(000003E9,004054D0,000003E8,004054D4), ref: 00401BAF
      • _mbscmp.MSVCRT(00000000,00000000,000003E9,004054D0,000003E8,004054D4), ref: 00401BC7
      • #5953.MFC42(000003EB,0040537C), ref: 00401BDC
      • #5953.MFC42(000003E8,004054E4,000003EB,0040537C), ref: 00401BED
      • #5953.MFC42(000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401BFE
      • #3092.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C0A
      • #5981.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C11
      • _mbscmp.MSVCRT(00000000,004054E4), ref: 00401C27
      • #5953.MFC42(000003EB,00405360), ref: 00401C3C
      • #3092.MFC42(000003E8,000003EB,00405360), ref: 00401C48
      • #5981.MFC42(000003E8,000003EB,00405360), ref: 00401C4F
      • #3097.MFC42(000003EA,004054CC), ref: 00401D51
      • _mbscmp.MSVCRT(00000000,00000000,000003EA,004054CC), ref: 00401D63
      • #5953.MFC42(000003EB,00405314), ref: 00401D7C
      • #5953.MFC42(000003EA,004054E4,000003EB,00405314), ref: 00401D8D
      • #3092.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401D99
      • #5981.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401DA0
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: #5953$#3092#3097#5981_mbscmp
      • String ID: Shell_TrayWnd
      • API String ID: 2345305820-2988720461
      • Opcode ID: 455f8c89fc2bb1981af9a10776c35603da655b530fda02b23260adbf773b6009
      • Instruction ID: 09eca0634b82c8f294e250b21cdabe85b7eb0dae3ff9de2663f7faa7e097ef5a
      • Opcode Fuzzy Hash: 455f8c89fc2bb1981af9a10776c35603da655b530fda02b23260adbf773b6009
      • Instruction Fuzzy Hash: 15513B307C0B1177E9667735AE9BF6E2509AB80F0AF10013EBA017E2D2CEFC56419A4D
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetProcAddress.KERNEL32(00000000,recv), ref: 0040130F
      • Sleep.KERNEL32(0000000A), ref: 00401362
      • Sleep.KERNEL32(0000000A), ref: 00401366
      • Sleep.KERNEL32(0000000A), ref: 0040136A
      • Sleep.KERNEL32(0000000A), ref: 004013BE
      • Sleep.KERNEL32(0000000A), ref: 004013C2
      • Sleep.KERNEL32(0000000A), ref: 004013C6
      • Sleep.KERNEL32(0000000A), ref: 004013CA
      • Sleep.KERNEL32(0000000A), ref: 004013CE
      • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(00004020,Failed to get address of recv function), ref: 004013F1
      • ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z.MSVCP60(00000000), ref: 004013F8
      • FreeLibrary.KERNEL32(00000000), ref: 00401408
      • #116.WS2_32 ref: 0040140E
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: Sleep$U?$char_traits@V?$basic_ostream@$#116??6std@@?endl@std@@AddressD@std@@@0@D@std@@@1@FreeLibraryProcV10@V21@@
      • String ID: 206.238.220.90$Failed to get address of recv function$recv
      • API String ID: 3387883466-4270088739
      • Opcode ID: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction ID: 9be3d8a21712bd1a561837db3ef8e6b01427c5c74414111fb4788be54016bcab
      • Opcode Fuzzy Hash: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction Fuzzy Hash: 9231E2327003049BD714DF64DD84B9B7B95EB84760F04457AEE05AF2D1CAB4AD09CBAA
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __set_app_type.MSVCRT(00000002), ref: 004024CD
      • __p__fmode.MSVCRT ref: 004024E2
      • __p__commode.MSVCRT ref: 004024F0
      • __setusermatherr.MSVCRT(00402622), ref: 0040251C
      • _initterm.MSVCRT(00405034,00405038), ref: 00402532
      • __getmainargs.MSVCRT(?,?,?,?,00405034,00405038), ref: 00402555
      • _initterm.MSVCRT(00405000,00405030), ref: 00402565
      • GetStartupInfoA.KERNEL32(?), ref: 004025A4
      • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004025C8
      • exit.MSVCRT(00000000,00000000,?,0000000A), ref: 004025D8
      • _XcptFilter.MSVCRT(?,?,?,0000000A), ref: 004025EA
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
      • String ID: 8P@
      • API String ID: 801014965-425619966
      • Opcode ID: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction ID: 3db1f6a25215d20146fe9d205761b81edacfa20296a2621411912f9a6318d064
      • Opcode Fuzzy Hash: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction Fuzzy Hash: B7416CB1840744AFCB249FA4DE59AAA7BBCEB09711F20057FE841B72D1D7B859408F5C
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #4710.MFC42(?,?,?,?,004026F8,000000FF), ref: 004018DA
      • GetSystemMenu.USER32(?,00000000,?,?,?,?,004026F8,000000FF), ref: 004018E5
      • #2863.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018EC
      • #540.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018FB
      • #4160.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 0040190E
      • AppendMenuA.USER32(?,00000800,00000000,00000000,?,00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 00401932
      • AppendMenuA.USER32(?,00000000,00000010,?,?,00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 00401941
      • #800.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 00401950
      • SendMessageA.USER32(?,00000080,00000001,?,00000000,?,?,?,?,004026F8,000000FF), ref: 0040196A
      • SendMessageA.USER32(?,00000080,00000000,?,?,?,?,?,004026F8,000000FF), ref: 0040197B
      • CreateSolidBrush.GDI32(00000000,?,?,?,?,004026F8,000000FF), ref: 00401984
      • #1641.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 00401990
      • #5802.MFC42(000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8,000000FF), ref: 004019A5
      • #6197.MFC42(800018EC,00000000,00000000,00000000,00000000,00000003,000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8), ref: 004019BC
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: Menu$AppendMessageSend$#1641#2863#4160#4710#540#5802#6197#800BrushCreateSolidSystem
      • String ID:
      • API String ID: 299526166-0
      • Opcode ID: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction ID: 64577c4a9b072b4d16e33900ab0bac8fea65f0c880726bb527a46fac44a935b1
      • Opcode Fuzzy Hash: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction Fuzzy Hash: 8B3153713407007BE220EB65CD86F6BB799BB88B10F104A2DF6557B2D1CBB8F9008B59
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
      • BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
      • SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
      • SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
      • LocalFree.KERNEL32(?), ref: 00401FB9
      • LocalFree.KERNEL32(?), ref: 00401FC4
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: FreeInfoLocalNamedSecurity$AccessBuildEntriesExplicitNameWith
      • String ID: Administrators$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 232510436-309312000
      • Opcode ID: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction ID: da1d4f715cb7791bda5478defa030f0280aa6d463b88422718ffb321f1726b92
      • Opcode Fuzzy Hash: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction Fuzzy Hash: C0114DB16043066FE310CF65CD85E6BB7ACEBC4795F40483EFA44E6290D6B8DD088B66
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #23.WS2_32(00000002,00000001,00000006), ref: 0040121C
      • #52.WS2_32(?), ref: 0040123F
      • #9.WS2_32(?), ref: 0040124F
      • GetProcAddress.KERNEL32(00000000,connect), ref: 00401270
      • ResetEvent.KERNEL32(?), ref: 0040128C
      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 0040129B
      • CreateThread.KERNEL32(00000000,00000000,004012D0,?,00000000,00000000), ref: 004012B1
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: AddressCreateEventObjectProcResetSingleThreadWait
      • String ID: connect
      • API String ID: 3541515344-1959786783
      • Opcode ID: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction ID: a7ec17a1c9397f4a8347c85be3d4e262ab070995ff1524a48aaa81642f70005b
      • Opcode Fuzzy Hash: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction Fuzzy Hash: C2118135640701ABD310EF68DC49F1BB7A8FB88711F104A6DF265F62E0C774A5148B59
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00401F10: GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
        • Part of subcall function 00401F10: BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
        • Part of subcall function 00401F10: SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
        • Part of subcall function 00401F10: SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FB9
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FC4
      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,00000000), ref: 00401FF1
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040201A
      • RegSetValueExA.ADVAPI32(00000000,LiveUpdate,00000000,00000001,?,00000000), ref: 00402034
      • RegCloseKey.ADVAPI32(?), ref: 0040203F
      Strings
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00401FE7
      • LiveUpdate, xrefs: 0040202E
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: FreeInfoLocalNameNamedSecurity$AccessBuildCloseEntriesExplicitFileModuleOpenValueWith
      • String ID: LiveUpdate$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 4218273391-3400392916
      • Opcode ID: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction ID: 9cbc189060c18ce78410ef20227df155c72ab83715970fe9a40628cbd408b6b5
      • Opcode Fuzzy Hash: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction Fuzzy Hash: 1BF0A4742443017BE710DB64DD46FABBBACEBC8B41F40482CB788F51E4D6F895448B16
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OutputDebugStringA.KERNEL32(Mfc), ref: 0040178F
      • #823.MFC42(0009B508), ref: 004017AF
      • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401807
      • Sleep.KERNEL32(000000FF,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401815
        • Part of subcall function 00401080: #115.WS2_32(00000202,?), ref: 004010A6
        • Part of subcall function 00401080: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010B3
      Strings
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: Sleep$#115#823CreateDebugEventOutputString
      • String ID: Mfc
      • API String ID: 2833356625-1612659522
      • Opcode ID: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction ID: 4e81b0ca89eaf2c811d033bf8b2def4f79f93be1ff23169893ae51c573424b6d
      • Opcode Fuzzy Hash: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction Fuzzy Hash: 8811E7712047419BC710EB299D01747B7E8AF84B60F10863EF865E77E0E778D5058B9A
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #1134.MFC42(00000000), ref: 004014BD
      • #2621.MFC42 ref: 004014C7
        • Part of subcall function 00401830: #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
        • Part of subcall function 00401830: #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
        • Part of subcall function 00401830: #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
        • Part of subcall function 00401830: LoadIconA.USER32(00000000,00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 0040187E
      • #2514.MFC42 ref: 004014EA
      • #641.MFC42 ref: 004014FB
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: #1134#1146#1168#2514#2621#324#641IconLoad
      • String ID:
      • API String ID: 1043086884-0
      • Opcode ID: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction ID: 9ac1edc087fe73fa880d4135cd06f65b566d67c54fc8b22c3b4d24c0721ffe3b
      • Opcode Fuzzy Hash: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction Fuzzy Hash: F6F0F0715047809BD714EB24CE06B4AB7E4BB44B24F100B3EF1A5672D0EFBC9901CB82
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
      • #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
      • #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
      • LoadIconA.USER32(00000000,00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 0040187E
      Memory Dump Source
      • Source File: 00000004.00000002.1852130312.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000004.00000002.1852114004.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852144861.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852159203.0000000000405000.00000008.00000001.01000000.00000007.sdmp
      • Associated: 00000004.00000002.1852174165.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_4_2_400000_msedge.jbxd
      Similarity
      • API ID: #1146#1168#324IconLoad
      • String ID:
      • API String ID: 193567849-0
      • Opcode ID: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction ID: 82116a89cb9603d1ca7d6e139d9602a0a07866cbfa2ff2280934cd3600aa4aee
      • Opcode Fuzzy Hash: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction Fuzzy Hash: B0F05EB1644B50BFD3509F59CE06B1ABAA8FB04B20F008A2EF591A77C0D7FD44008B59
      Uniqueness

      Uniqueness Score: -1.00%

      Execution Graph

      Execution Coverage: 4.1%
      Dynamic/Decrypted Code Coverage: 84.7%
      Signature Coverage: 0%
      Total number of Nodes: 295
      Total number of Limit Nodes: 8
      execution_graph 11888 4018c0 #4710 GetSystemMenu #2863 11889 401955 SendMessageA SendMessageA 11888->11889 11890 4018f7 #540 #4160 11888->11890 11895 401770 OutputDebugStringA #823 11889->11895 11891 401944 #800 11890->11891 11892 40191e AppendMenuA AppendMenuA 11890->11892 11891->11889 11892->11891 11894 401982 CreateSolidBrush #1641 #5802 #6197 11896 4017ce 11895->11896 11897 4017c7 11895->11897 11906 4011f0 11896->11906 11905 401080 WSAStartup CreateEventA 11897->11905 11901 4017f5 11902 401813 Sleep 11901->11902 11903 401805 Sleep 11901->11903 11902->11894 11903->11902 11903->11903 11905->11896 11910 401210 socket 11906->11910 11908 401200 11908->11901 11909 401130 send 11908->11909 11909->11901 11911 401233 11910->11911 11912 40122a 11910->11912 11913 40123e gethostbyname htons GetProcAddress connect 11911->11913 11912->11908 11914 4012a3 CreateThread 11913->11914 11915 401288 ResetEvent WaitForSingleObject 11913->11915 11914->11908 11916 4012d0 11914->11916 11915->11913 11919 4012da 11916->11919 11917 401304 GetProcAddress recv 11917->11919 11920 4013e6 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@ FreeLibrary WSACleanup 11917->11920 11918 40137d Sleep Sleep Sleep Sleep Sleep 11924 401190 malloc 11918->11924 11919->11917 11919->11918 11922 401337 Sleep Sleep Sleep 11919->11922 11922->11918 11922->11919 11923 4013d7 11925 4011a9 11924->11925 11926 4011ad VirtualProtect CreateThread 11924->11926 11925->11923 11926->11923 11927 2470048 11926->11927 11930 2470058 11927->11930 11931 2470062 11930->11931 11934 2470088 11931->11934 11933 2470052 11953 2470858 11934->11953 11936 2470090 11975 2470478 11936->11975 11938 24700a2 11939 24700ab 11938->11939 11940 24700b8 11938->11940 12066 2470688 11939->12066 12001 24705d8 11940->12001 11945 24700d7 12004 1000e5c0 OutputDebugStringA OutputDebugStringA GetCommandLineW CommandLineToArgvW memset 11945->12004 11946 24700ca 11947 
2470688 LoadLibraryA 11946->11947 11948 24700d0 11947->11948 11948->11933 11950 2470688 LoadLibraryA 11951 24700e0 11950->11951 11951->11933 11954 24708ec 11953->11954 12069 24707e8 11954->12069 11956 2471158 11957 24707e8 LoadLibraryA 11956->11957 11958 2471179 11957->11958 11959 24707e8 LoadLibraryA 11958->11959 11960 24711df 11959->11960 11961 24707e8 LoadLibraryA 11960->11961 11962 24711fd 11961->11962 11963 24707e8 LoadLibraryA 11962->11963 11964 2471247 11963->11964 11965 24707e8 LoadLibraryA 11964->11965 11966 24712d1 11965->11966 11967 24707e8 LoadLibraryA 11966->11967 11968 24712f2 11967->11968 11969 24707e8 LoadLibraryA 11968->11969 11970 2471313 11969->11970 11971 24707e8 LoadLibraryA 11970->11971 11972 2471334 11971->11972 11973 24707e8 LoadLibraryA 11972->11973 11974 2471435 11973->11974 11974->11936 11976 2470858 LoadLibraryA 11975->11976 11977 2470482 11976->11977 11978 247048f 11977->11978 11979 24704aa VirtualAlloc 11977->11979 11978->11938 11980 24704c2 11979->11980 11981 24704d7 11980->11981 11982 24704e8 VirtualAlloc VirtualAlloc 11980->11982 11981->11938 11983 247052a 11982->11983 12072 24700f8 11983->12072 11985 2470544 12077 2470348 11985->12077 11988 2470578 12082 24701a8 11988->12082 11989 2470568 11991 2470688 LoadLibraryA 11989->11991 11993 247056d 11991->11993 11993->11938 11994 24705bc 11994->11938 11995 24705a0 11995->11994 11999 2470688 LoadLibraryA 11995->11999 11996 247058f 11997 2470688 LoadLibraryA 11996->11997 11998 2470595 11997->11998 11998->11938 12000 24705b1 11999->12000 12000->11938 12002 2470858 LoadLibraryA 12001->12002 12003 24700c3 12002->12003 12003->11945 12003->11946 12005 1000e65e 12004->12005 12006 1000e64f ??2@YAPAXI 12004->12006 12088 10005180 RegCreateKeyA 12005->12088 12006->12005 12009 1000e69d 12099 1000de90 12009->12099 12010 1000e75f 12011 1000e764 GetModuleFileNameA 12010->12011 12012 1000e785 12010->12012 12014 1000e742 SetFileAttributesA CreateThread 12011->12014 12015 1000e791 OutputDebugStringA 
12012->12015 12016 1000e78a OutputDebugStringA 12012->12016 12014->12015 12175 1000e530 12014->12175 12018 1000e923 12015->12018 12019 1000e7a5 12015->12019 12016->12015 12021 1000eb15 12018->12021 12022 1000e929 OutputDebugStringA _wcsicmp 12018->12022 12023 1000e7cc GetNativeSystemInfo 12019->12023 12024 1000e7ae ??2@YAPAXI 12019->12024 12020 1000de90 105 API calls 12025 1000e6b1 12020->12025 12169 1000fb3c 12021->12169 12029 1000e967 _wcsicmp 12022->12029 12030 1000e94c 12022->12030 12027 1000e7e2 12023->12027 12028 1000e7e8 GetSystemWow64DirectoryA 12023->12028 12032 1000e7bd 12024->12032 12026 1000de90 105 API calls 12025->12026 12033 1000e6bb 12026->12033 12027->12028 12034 1000e7fd GetSystemDirectoryA 12027->12034 12035 1000e810 OutputDebugStringA 12028->12035 12029->12021 12037 1000e981 OutputDebugStringA 12029->12037 12163 1000dc20 12030->12163 12032->12023 12039 1000de90 105 API calls 12033->12039 12034->12035 12040 1000e820 12035->12040 12041 1000e9b5 GetNativeSystemInfo 12037->12041 12042 1000e997 ??2@YAPAXI 12037->12042 12038 24700da 12038->11950 12043 1000e6c5 12039->12043 12040->12040 12044 1000e828 SHGetFolderPathA sprintf_s CopyFileA 12040->12044 12046 1000e9d1 GetSystemWow64DirectoryA 12041->12046 12047 1000e9cb 12041->12047 12045 1000e9a6 12042->12045 12048 1000de90 105 API calls 12043->12048 12049 1000e8a4 12044->12049 12045->12041 12051 1000e9f9 OutputDebugStringA 12046->12051 12047->12046 12050 1000e9e6 GetSystemDirectoryA 12047->12050 12053 1000e6cf SHGetFolderPathA GetModuleFileNameA sprintf_s CopyFileA 12048->12053 12049->12049 12054 1000e8ac OutputDebugStringA 12049->12054 12050->12051 12052 1000ea08 12051->12052 12052->12052 12055 1000ea10 SHGetFolderPathA sprintf_s CopyFileA 12052->12055 12053->12014 12056 1000e8e8 12054->12056 12057 1000e8d9 ??2@YAPAXI 12054->12057 12058 1000ea90 12055->12058 12143 100052b0 OutputDebugStringA memset OutputDebugStringA CreateProcessA 12056->12143 12057->12056 12058->12058 12061 1000ea98 
OutputDebugStringA OutputDebugStringA 12058->12061 12060 1000e908 12062 1000e915 FindCloseChangeNotification ExitProcess 12060->12062 12063 1000eb0f CloseHandle 12060->12063 12064 1000eacc ??2@YAPAXI 12061->12064 12065 1000eadb 12061->12065 12063->12021 12064->12065 12065->12063 12067 2470858 LoadLibraryA 12066->12067 12068 24700b1 12067->12068 12068->11933 12070 24707f0 12069->12070 12071 247083c LoadLibraryA 12070->12071 12071->11956 12073 2470858 LoadLibraryA 12072->12073 12075 2470108 12073->12075 12074 2470159 VirtualAlloc 12074->12075 12075->12074 12076 24701a1 12075->12076 12076->11985 12078 2470858 LoadLibraryA 12077->12078 12081 2470364 12078->12081 12079 24707e8 LoadLibraryA 12079->12081 12080 247044c 12080->11988 12080->11989 12081->12079 12081->12080 12083 2470858 LoadLibraryA 12082->12083 12087 24701b1 12083->12087 12084 24702b5 12084->11994 12084->11995 12084->11996 12085 24701fb VirtualFree 12085->12087 12086 2470283 VirtualProtect 12086->12087 12087->12084 12087->12085 12087->12086 12089 10005291 12088->12089 12090 100051c4 RegQueryValueExA 12088->12090 12091 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 12089->12091 12092 100051f8 12090->12092 12093 100052a2 12091->12093 12094 10005234 RegQueryValueExA 12092->12094 12097 10005217 RegSetValueExA 12092->12097 12093->12009 12093->12010 12095 10005262 12094->12095 12096 1000526b RegSetValueExA 12094->12096 12095->12096 12098 10005284 RegCloseKey 12095->12098 12096->12098 12097->12094 12098->12089 12100 10005720 12 API calls 12099->12100 12101 1000deaa 12100->12101 12102 1000deb5 OpenProcess 12101->12102 12103 1000e37b 12101->12103 12102->12103 12105 1000ded0 OpenProcessToken 12102->12105 12104 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 12103->12104 12106 1000e388 12104->12106 12107 1000e374 CloseHandle 12105->12107 12108 1000dee8 LookupPrivilegeValueA AdjustTokenPrivileges AdjustTokenPrivileges LookupPrivilegeValueA 12105->12108 
12106->12020 12107->12103 12109 1000df64 AdjustTokenPrivileges 12108->12109 12110 1000df88 LookupPrivilegeValueA 12108->12110 12109->12110 12111 1000dfa3 AdjustTokenPrivileges 12110->12111 12112 1000dfc7 LookupPrivilegeValueA 12110->12112 12111->12112 12113 1000dfe2 AdjustTokenPrivileges 12112->12113 12114 1000e006 LookupPrivilegeValueA 12112->12114 12113->12114 12115 1000e021 AdjustTokenPrivileges 12114->12115 12116 1000e045 LookupPrivilegeValueA 12114->12116 12115->12116 12117 1000e060 AdjustTokenPrivileges 12116->12117 12118 1000e084 LookupPrivilegeValueA 12116->12118 12117->12118 12119 1000e0c3 LookupPrivilegeValueA 12118->12119 12120 1000e09f AdjustTokenPrivileges 12118->12120 12121 1000e102 LookupPrivilegeValueA 12119->12121 12122 1000e0de AdjustTokenPrivileges 12119->12122 12120->12119 12123 1000e141 LookupPrivilegeValueA 12121->12123 12124 1000e11d AdjustTokenPrivileges 12121->12124 12122->12121 12125 1000e180 LookupPrivilegeValueA 12123->12125 12126 1000e15c AdjustTokenPrivileges 12123->12126 12124->12123 12127 1000e19b AdjustTokenPrivileges 12125->12127 12128 1000e1bf LookupPrivilegeValueA 12125->12128 12126->12125 12127->12128 12129 1000e1da AdjustTokenPrivileges 12128->12129 12130 1000e1fe LookupPrivilegeValueA 12128->12130 12129->12130 12131 1000e219 AdjustTokenPrivileges 12130->12131 12132 1000e23d LookupPrivilegeValueA 12130->12132 12131->12132 12133 1000e258 AdjustTokenPrivileges 12132->12133 12134 1000e27c LookupPrivilegeValueA 12132->12134 12133->12134 12135 1000e297 AdjustTokenPrivileges 12134->12135 12136 1000e2bb GetLengthSid SetTokenInformation 12134->12136 12135->12136 12137 1000dd00 64 API calls 12136->12137 12138 1000e303 12137->12138 12139 1000e315 PostThreadMessageA 12138->12139 12140 1000e336 TerminateProcess AdjustTokenPrivileges CloseHandle 12138->12140 12139->12139 12139->12140 12141 1000e371 12140->12141 12142 1000e367 ??3@YAXPAX 12140->12142 12141->12107 12142->12141 12144 100054c5 OutputDebugStringA Wow64SuspendThread 
OutputDebugStringA VirtualAllocEx 12143->12144 12145 1000536c memset 12143->12145 12146 10005500 OutputDebugStringA WriteProcessMemory 12144->12146 12147 100054b2 12144->12147 12148 100053ad GetNativeSystemInfo 12145->12148 12149 1000538f ??2@YAPAXI 12145->12149 12146->12147 12153 10005526 OutputDebugStringA QueueUserAPC ResumeThread 12146->12153 12152 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 12147->12152 12150 100053c7 12148->12150 12151 100053cd GetSystemWow64DirectoryA 12148->12151 12154 1000539e 12149->12154 12150->12151 12155 100053e1 GetSystemDirectoryA 12150->12155 12156 100053f3 OutputDebugStringA 12151->12156 12157 100054c1 12152->12157 12158 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 12153->12158 12154->12148 12155->12156 12160 10005401 12156->12160 12157->12060 12159 1000555b 12158->12159 12159->12060 12160->12160 12161 10005409 SHGetFolderPathA sprintf_s CopyFileA CreateProcessA 12160->12161 12161->12144 12162 1000549a CloseHandle CloseHandle 12161->12162 12162->12147 12164 1000dc6d 6 API calls 12163->12164 12165 1000dc4f ??2@YAPAXI 12163->12165 12167 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 12164->12167 12166 1000dc5e 12165->12166 12166->12164 12168 1000dcf0 12167->12168 12170 1000fb44 12169->12170 12171 1000fb46 IsDebuggerPresent _crt_debugger_hook SetUnhandledExceptionFilter UnhandledExceptionFilter 12169->12171 12170->12038 12173 10010137 _crt_debugger_hook 12171->12173 12174 1001013f GetCurrentProcess TerminateProcess 12171->12174 12173->12174 12174->12038 12176 1000e550 RegOpenKeyExA 12175->12176 12177 1000e5ab 12176->12177 12178 1000e56c RegQueryValueExA 12176->12178 12179 1000e390 117 API calls 12177->12179 12180 1000e5a0 RegCloseKey 12178->12180 12181 1000e588 RegCloseKey Sleep 12178->12181 12182 1000e5b0 Sleep 12179->12182 12180->12177 12181->12176 12182->12176 12183 4014a0 #1134 #2621 12186 401830 #324 #1168 #1146 LoadIconA 12183->12186 
12185 4014d7 #2514 #641 12186->12185 12187 4024a0 __set_app_type __p__fmode __p__commode 12188 40250f 12187->12188 12189 402523 12188->12189 12190 402517 __setusermatherr 12188->12190 12199 402610 _controlfp 12189->12199 12190->12189 12192 402528 _initterm __getmainargs _initterm 12193 40257c GetStartupInfoA 12192->12193 12195 4025b0 GetModuleHandleA 12193->12195 12200 402632 #1576 12195->12200 12198 4025d4 exit _XcptFilter 12199->12192 12200->12198 12201 2470088 12202 2470858 LoadLibraryA 12201->12202 12203 2470090 12202->12203 12204 2470478 7 API calls 12203->12204 12205 24700a2 12204->12205 12206 24700ab 12205->12206 12207 24700b8 12205->12207 12209 2470688 LoadLibraryA 12206->12209 12208 24705d8 LoadLibraryA 12207->12208 12210 24700c3 12208->12210 12211 24700b1 12209->12211 12212 24700d7 12210->12212 12213 24700ca 12210->12213 12219 1000e5c0 204 API calls 12212->12219 12214 2470688 LoadLibraryA 12213->12214 12215 24700d0 12214->12215 12216 24700da 12217 2470688 LoadLibraryA 12216->12217 12218 24700e0 12217->12218 12219->12216

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 0 1000dd00-1000dd69 CreateToolhelp32Snapshot Thread32First 1 1000de50-1000de74 CloseHandle call 1000fb3c 0->1 2 1000dd6f 0->2 4 1000dd70-1000dd76 2->4 6 1000dd7c-1000dd84 4->6 7 1000de3d-1000de4a Thread32Next 4->7 8 1000dd86-1000dd8d 6->8 9 1000dded-1000ddf2 6->9 7->1 7->4 8->9 12 1000dd8f-1000dd9b 8->12 10 1000ddf4-1000de00 9->10 11 1000de2d-1000de32 9->11 13 1000de02-1000de0a 10->13 14 1000de75-1000deaf ?_Xlength_error@std@@YAXPBD@Z call 10005720 10->14 17 1000de34-1000de37 11->17 18 1000de39 11->18 15 1000dddb-1000dde5 12->15 16 1000dd9d-1000dda7 12->16 13->11 21 1000de0c-1000de19 13->21 31 1000deb5-1000deca OpenProcess 14->31 32 1000e37b-1000e38b call 1000fb3c 14->32 15->18 19 1000dde7-1000ddeb 15->19 16->14 22 1000ddad-1000ddb5 16->22 17->18 18->7 19->18 24 1000de1b-1000de1d 21->24 25 1000de1f 21->25 22->15 26 1000ddb7-1000ddc4 22->26 28 1000de21-1000de23 24->28 25->28 29 1000ddc6-1000ddc8 26->29 30 1000ddca 26->30 33 1000de25 28->33 34 1000de27-1000de28 call 10006370 28->34 35 1000ddcc-1000ddce 29->35 30->35 31->32 37 1000ded0-1000dee2 OpenProcessToken 31->37 33->34 34->11 39 1000ddd0 35->39 40 1000ddd2-1000ddd8 call 10006370 35->40 43 1000e374-1000e375 CloseHandle 37->43 44 1000dee8-1000df62 LookupPrivilegeValueA AdjustTokenPrivileges * 2 LookupPrivilegeValueA 37->44 39->40 40->15 43->32 46 1000df64-1000df86 AdjustTokenPrivileges 44->46 47 1000df88-1000dfa1 LookupPrivilegeValueA 44->47 46->47 48 1000dfa3-1000dfc5 AdjustTokenPrivileges 47->48 49 1000dfc7-1000dfe0 LookupPrivilegeValueA 47->49 48->49 50 1000dfe2-1000e004 AdjustTokenPrivileges 49->50 51 1000e006-1000e01f LookupPrivilegeValueA 49->51 50->51 52 1000e021-1000e043 AdjustTokenPrivileges 51->52 53 1000e045-1000e05e LookupPrivilegeValueA 51->53 52->53 54 1000e060-1000e082 AdjustTokenPrivileges 53->54 55 1000e084-1000e09d LookupPrivilegeValueA 53->55 54->55 56 1000e0c3-1000e0dc LookupPrivilegeValueA 55->56 57 1000e09f-1000e0c1 AdjustTokenPrivileges 55->57 58 1000e102-1000e11b 
LookupPrivilegeValueA 56->58 59 1000e0de-1000e100 AdjustTokenPrivileges 56->59 57->56 60 1000e141-1000e15a LookupPrivilegeValueA 58->60 61 1000e11d-1000e13f AdjustTokenPrivileges 58->61 59->58 62 1000e180-1000e199 LookupPrivilegeValueA 60->62 63 1000e15c-1000e17e AdjustTokenPrivileges 60->63 61->60 64 1000e19b-1000e1bd AdjustTokenPrivileges 62->64 65 1000e1bf-1000e1d8 LookupPrivilegeValueA 62->65 63->62 64->65 66 1000e1da-1000e1fc AdjustTokenPrivileges 65->66 67 1000e1fe-1000e217 LookupPrivilegeValueA 65->67 66->67 68 1000e219-1000e23b AdjustTokenPrivileges 67->68 69 1000e23d-1000e256 LookupPrivilegeValueA 67->69 68->69 70 1000e258-1000e27a AdjustTokenPrivileges 69->70 71 1000e27c-1000e295 LookupPrivilegeValueA 69->71 70->71 72 1000e297-1000e2b9 AdjustTokenPrivileges 71->72 73 1000e2bb-1000e313 GetLengthSid SetTokenInformation call 1000dd00 71->73 72->73 76 1000e315-1000e334 PostThreadMessageA 73->76 77 1000e336-1000e365 TerminateProcess AdjustTokenPrivileges CloseHandle 73->77 76->76 76->77 78 1000e371 77->78 79 1000e367-1000e36e ??3@YAXPAX@Z 77->79 78->43 79->78
      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
      • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
      • CloseHandle.KERNEL32(00000000), ref: 1000DE51
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
      • API String ID: 1580616088-3994885262
      • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
      • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
      • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 154 1000de90-1000deaf call 10005720 157 1000deb5-1000deca OpenProcess 154->157 158 1000e37b-1000e38b call 1000fb3c 154->158 157->158 160 1000ded0-1000dee2 OpenProcessToken 157->160 162 1000e374-1000e375 CloseHandle 160->162 163 1000dee8-1000df62 LookupPrivilegeValueA AdjustTokenPrivileges * 2 LookupPrivilegeValueA 160->163 162->158 164 1000df64-1000df86 AdjustTokenPrivileges 163->164 165 1000df88-1000dfa1 LookupPrivilegeValueA 163->165 164->165 166 1000dfa3-1000dfc5 AdjustTokenPrivileges 165->166 167 1000dfc7-1000dfe0 LookupPrivilegeValueA 165->167 166->167 168 1000dfe2-1000e004 AdjustTokenPrivileges 167->168 169 1000e006-1000e01f LookupPrivilegeValueA 167->169 168->169 170 1000e021-1000e043 AdjustTokenPrivileges 169->170 171 1000e045-1000e05e LookupPrivilegeValueA 169->171 170->171 172 1000e060-1000e082 AdjustTokenPrivileges 171->172 173 1000e084-1000e09d LookupPrivilegeValueA 171->173 172->173 174 1000e0c3-1000e0dc LookupPrivilegeValueA 173->174 175 1000e09f-1000e0c1 AdjustTokenPrivileges 173->175 176 1000e102-1000e11b LookupPrivilegeValueA 174->176 177 1000e0de-1000e100 AdjustTokenPrivileges 174->177 175->174 178 1000e141-1000e15a LookupPrivilegeValueA 176->178 179 1000e11d-1000e13f AdjustTokenPrivileges 176->179 177->176 180 1000e180-1000e199 LookupPrivilegeValueA 178->180 181 1000e15c-1000e17e AdjustTokenPrivileges 178->181 179->178 182 1000e19b-1000e1bd AdjustTokenPrivileges 180->182 183 1000e1bf-1000e1d8 LookupPrivilegeValueA 180->183 181->180 182->183 184 1000e1da-1000e1fc AdjustTokenPrivileges 183->184 185 1000e1fe-1000e217 LookupPrivilegeValueA 183->185 184->185 186 1000e219-1000e23b AdjustTokenPrivileges 185->186 187 1000e23d-1000e256 LookupPrivilegeValueA 185->187 186->187 188 1000e258-1000e27a AdjustTokenPrivileges 187->188 189 1000e27c-1000e295 LookupPrivilegeValueA 187->189 188->189 190 1000e297-1000e2b9 AdjustTokenPrivileges 189->190 191 1000e2bb-1000e313 GetLengthSid SetTokenInformation call 1000dd00 189->191 190->191 194 
1000e315-1000e334 PostThreadMessageA 191->194 195 1000e336-1000e365 TerminateProcess AdjustTokenPrivileges CloseHandle 191->195 194->194 194->195 196 1000e371 195->196 197 1000e367-1000e36e ??3@YAXPAX@Z 195->197 196->162 197->196
      APIs
        • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
        • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • Part of subcall function 10005720: FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
      • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
      • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
      • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
      • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
      • CloseHandle.KERNEL32(?), ref: 1000E35A
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
      • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
      • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
      • API String ID: 2285828341-3151685581
      • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
      • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
      • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,74DE9350), ref: 100052DC
      • memset.MSVCR100 ref: 100052EA
      • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,74DE9350), ref: 10005340
      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
      • memset.MSVCR100 ref: 1000537F
      • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
      • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,74DE9350), ref: 100053B4
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,74DE9350), ref: 100053D9
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
      • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,74DE9350), ref: 100053F8
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,74DE9350), ref: 10005438
      • sprintf_s.MSVCR100 ref: 10005456
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054A7
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054B0
      • OutputDebugStringA.KERNELBASE(PuppetProcess3,?,?,74DE9350), ref: 100054CA
      • Wow64SuspendThread.KERNEL32(?,?,?,74DE9350), ref: 100054D3
      • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,74DE9350), ref: 100054DE
      • VirtualAllocEx.KERNELBASE(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
      • OutputDebugStringA.KERNELBASE(PuppetProcess5,?,?,74DE9350), ref: 10005505
      • WriteProcessMemory.KERNELBASE(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
      • OutputDebugStringA.KERNEL32(PuppetProcess6,?,?,74DE9350), ref: 1000552B
      • QueueUserAPC.KERNELBASE(00000000,?,00000000,?,?,74DE9350), ref: 10005536
      • ResumeThread.KERNELBASE(?,?,?,74DE9350), ref: 10005543
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadWow64memset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWritesprintf_s
      • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
      • API String ID: 1861898608-3220118345
      • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
      • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
      • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      80   1000e5c0-1000e64d  OutputDebugStringA * 2, GetCommandLineW, CommandLineToArgvW, memset
      81   1000e66d-1000e697  call 10005180   80->81
      82   1000e64f-1000e65c  ??2@YAPAXI@Z   80->82
      88   1000e69d-1000e741  call 1000de90 * 5, SHGetFolderPathA, GetModuleFileNameA, sprintf_s, CopyFileA   81->88
      89   1000e75f-1000e762   81->89
      83   1000e666   82->83
      84   1000e65e-1000e664   82->84
      86   1000e668   83->86 84->86 86->81
      93   1000e742-1000e75d  SetFileAttributesA, CreateThread   88->93
      90   1000e764-1000e783  GetModuleFileNameA   89->90
      91   1000e785-1000e788   89->91 90->93
      94   1000e791-1000e79f  OutputDebugStringA   91->94
      95   1000e78a-1000e78f  OutputDebugStringA   91->95 93->94
      97   1000e923   94->97
      98   1000e7a5-1000e7ac   94->98 95->94
      100  1000eb15-1000eb2b  call 1000fb3c   97->100
      101  1000e929-1000e94a  OutputDebugStringA, _wcsicmp   97->101
      102  1000e7cc-1000e7e0  GetNativeSystemInfo   98->102
      103  1000e7ae-1000e7bb  ??2@YAPAXI@Z   98->103
      108  1000e967-1000e97b  _wcsicmp   101->108
      109  1000e94c-1000e962  call 1000dc20   101->109
      106  1000e7e2-1000e7e6   102->106
      107  1000e7e8-1000e7fb  GetSystemWow64DirectoryA   102->107
      111  1000e7c5   103->111
      112  1000e7bd-1000e7c3   103->112 106->107
      115  1000e7fd-1000e80a  GetSystemDirectoryA   106->115
      116  1000e810-1000e81f  OutputDebugStringA   107->116 108->100
      118  1000e981-1000e995  OutputDebugStringA   108->118 109->108
      113  1000e7c7   111->113 112->113 113->102 115->116
      121  1000e820-1000e826   116->121
      122  1000e9b5-1000e9c9  GetNativeSystemInfo   118->122
      123  1000e997-1000e9a4  ??2@YAPAXI@Z   118->123 121->121
      125  1000e828-1000e8a3  SHGetFolderPathA, sprintf_s, CopyFileA   121->125
      128  1000e9d1-1000e9e4  GetSystemWow64DirectoryA   122->128
      129  1000e9cb-1000e9cf   122->129
      126  1000e9a6-1000e9ac   123->126
      127  1000e9ae   123->127
      131  1000e8a4-1000e8aa   125->131
      132  1000e9b0   126->132 127->132
      134  1000e9f9-1000ea07  OutputDebugStringA   128->134 129->128
      133  1000e9e6-1000e9f3  GetSystemDirectoryA   129->133 131->131
      137  1000e8ac-1000e8d7  OutputDebugStringA   131->137 132->122 133->134
      135  1000ea08-1000ea0e   134->135 135->135
      138  1000ea10-1000ea8c  SHGetFolderPathA, sprintf_s, CopyFileA   135->138
      139  1000e8f7-1000e90f  call 100052b0   137->139
      140  1000e8d9-1000e8e6  ??2@YAPAXI@Z   137->140
      141  1000ea90-1000ea96   138->141
      148  1000e915-1000e91d  FindCloseChangeNotification, ExitProcess   139->148
      149  1000eb0f  CloseHandle   139->149
      142  1000e8f0   140->142
      143  1000e8e8-1000e8ee   140->143 141->141
      146  1000ea98-1000eaca  OutputDebugStringA * 2   141->146
      147  1000e8f2   142->147 143->147
      150  1000eacc-1000ead9  ??2@YAPAXI@Z   146->150
      151  1000eafe-1000eb03   146->151 147->139 149->100
      152  1000eaf7-1000eaf9   150->152
      153  1000eadb-1000eaeb   150->153 151->149 152->151 153->152
      APIs
      • OutputDebugStringA.KERNELBASE(dll run), ref: 1000E5EF
      • OutputDebugStringA.KERNELBASE(dll run2), ref: 1000E5F6
      • GetCommandLineW.KERNEL32 ref: 1000E616
      • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
      • memset.MSVCR100 ref: 1000E63E
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
      • sprintf_s.MSVCR100 ref: 1000E714
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
      • SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000E742
      • CreateThread.KERNELBASE(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
      • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
      • OutputDebugStringA.KERNELBASE(dll run3), ref: 1000E796
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
      • GetNativeSystemInfo.KERNELBASE(?), ref: 1000E7D1
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
      • OutputDebugStringA.KERNELBASE(dll run4), ref: 1000E815
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
      • sprintf_s.MSVCR100 ref: 1000E87B
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
      • OutputDebugStringA.KERNELBASE(?), ref: 1000E8CE
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 1000E915
      • ExitProcess.KERNEL32 ref: 1000E91D
      • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
      • _wcsicmp.MSVCR100 ref: 1000E943
      • _wcsicmp.MSVCR100 ref: 1000E974
      • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
      • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
      • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
      • sprintf_s.MSVCR100 ref: 1000EA63
      • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
      • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
      • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
        • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
        • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • Part of subcall function 1000DC20: CloseHandle.KERNEL32(?), ref: 1000DCD4
        • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
      • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
      • API String ID: 3194832325-3018988614
      • Opcode ID: d5f84046543b8348c1f5e72567a90c4764cb23b4357569a304995b6c00c203f1
      • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
      • Opcode Fuzzy Hash: d5f84046543b8348c1f5e72567a90c4764cb23b4357569a304995b6c00c203f1
      • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • GetProcAddress.KERNEL32(74D60000,recv), ref: 0040130F
      • recv.WS2_32(?,?,00002800,00000000), ref: 00401327
      • Sleep.KERNELBASE(0000000A), ref: 00401362
      • Sleep.KERNELBASE(0000000A), ref: 00401366
      • Sleep.KERNEL32(0000000A), ref: 0040136A
      • Sleep.KERNEL32(0000000A), ref: 004013BE
      • Sleep.KERNEL32(0000000A), ref: 004013C2
      • Sleep.KERNEL32(0000000A), ref: 004013C6
      • Sleep.KERNEL32(0000000A), ref: 004013CA
      • Sleep.KERNEL32(0000000A), ref: 004013CE
      • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(6CC3A484,Failed to get address of recv function), ref: 004013F1
      • ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z.MSVCP60(00000000), ref: 004013F8
      • FreeLibrary.KERNEL32(74D60000), ref: 00401408
      • WSACleanup.WS2_32 ref: 0040140E
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: Sleep$U?$char_traits@V?$basic_ostream@$??6std@@?endl@std@@AddressCleanupD@std@@@0@D@std@@@1@FreeLibraryProcV10@V21@@recv
      • String ID: 206.238.220.90$Failed to get address of recv function$recv
      • API String ID: 3081592892-4270088739
      • Opcode ID: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction ID: 9be3d8a21712bd1a561837db3ef8e6b01427c5c74414111fb4788be54016bcab
      • Opcode Fuzzy Hash: a7ee4c617e318cf3673958e8d403d371162d5e1c6e21e0cc1667c98407d6214d
      • Instruction Fuzzy Hash: 9231E2327003049BD714DF64DD84B9B7B95EB84760F04457AEE05AF2D1CAB4AD09CBAA
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • #4710.MFC42(?,?,?,?,004026F8,000000FF), ref: 004018DA
      • GetSystemMenu.USER32(?,00000000,?,?,?,?,004026F8,000000FF), ref: 004018E5
      • #2863.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018EC
      • #540.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 004018FB
      • #4160.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 0040190E
      • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401932
      • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401941
      • #800.MFC42(00000065,00000000,?,?,?,?,004026F8,000000FF), ref: 00401950
      • SendMessageA.USER32(?,00000080,00000001,?), ref: 0040196A
      • SendMessageA.USER32(?,00000080,00000000,?), ref: 0040197B
      • CreateSolidBrush.GDI32(00000000), ref: 00401984
      • #1641.MFC42(00000000,?,?,?,?,004026F8,000000FF), ref: 00401990
      • #5802.MFC42(000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8,000000FF), ref: 004019A5
      • #6197.MFC42(6D15A098,00000000,00000000,00000000,00000000,00000003,000003EA,000000CF,00000001,00000000,00000000,?,?,?,?,004026F8), ref: 004019BC
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: Menu$AppendMessageSend$#1641#2863#4160#4710#540#5802#6197#800BrushCreateSolidSystem
      • String ID: `6@
      • API String ID: 299526166-1213645527
      • Opcode ID: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction ID: 64577c4a9b072b4d16e33900ab0bac8fea65f0c880726bb527a46fac44a935b1
      • Opcode Fuzzy Hash: 24929db14cd33e43e6965752aab6bc1e162f4aea1e8896d2f75077570610a2f9
      • Instruction Fuzzy Hash: 8B3153713407007BE220EB65CD86F6BB799BB88B10F104A2DF6557B2D1CBB8F9008B59
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      238  10005180-100051be  RegCreateKeyA
      239  10005291-100052a5  call 1000fb3c   238->239
      240  100051c4-100051f6  RegQueryValueExA   238->240
      242  10005201-1000520a   240->242
      243  100051f8-100051ff   240->243
      246  10005210-10005215   242->246 243->242
      245  10005234-10005260  RegQueryValueExA   243->245
      247  10005262-10005269   245->247
      248  1000526b-10005282  RegSetValueExA   245->248 246->246
      249  10005217-10005232  RegSetValueExA   246->249 247->248
      250  10005284-1000528b  RegCloseKey   247->250 248->250 249->245 250->239
      APIs
      • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
      • RegQueryValueExA.KERNELBASE(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
      • RegQueryValueExA.KERNELBASE(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
      • RegCloseKey.KERNELBASE(?,?,?), ref: 1000528B
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Value$Query$CloseCreate
      • String ID: BITS$Host$SYSTEM\Setup
      • API String ID: 2357964129-2174744495
      • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
      • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
      • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
      Uniqueness

      Uniqueness Score: -1.00%
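The three function traces above line up into a small detection exercise: the PuppetProcess function creates a process with dwCreationFlags 0x214 (CREATE_SUSPENDED 0x4 | CREATE_NEW_CONSOLE 0x10 | CREATE_NEW_PROCESS_GROUP 0x200), allocates 0x4DA78 bytes in it with MEM_COMMIT|MEM_RESERVE (0x3000) and PAGE_EXECUTE_READWRITE (0x40), writes to that region, queues a user APC and only then resumes the thread, which is the Early Bird APC injection ordering; the dropper resolves CSIDL 0x05 (CSIDL_PERSONAL) and 0x26 (CSIDL_PROGRAM_FILES) before CopyFileA and sets FILE_ATTRIBUTE_HIDDEN (0x2); the registry function creates HKLM (0x80000002) SYSTEM\Setup and writes the BITS and Host values. The following script, an added example and not code from Joe Sandbox or from the sample, parses trace lines in the report's own format and evaluates those three behaviours. The embedded lines are copied from the "APIs" lists above; the rule names, the stage machine, and the attribution of RegSetValueEx calls to the most recently opened key (the report prints handles as "?") are this example's assumptions. It only covers the variant that allocates executable memory up front; a RW allocation later flipped with VirtualProtectEx is not matched.

```python
"""Behaviour rules over the "APIs" trace lines of a Joe Sandbox report.
Added example; not part of Joe Sandbox or of the analysed sample. Trace lines
below are copied from this report; rule names, stage logic and constant
tables are this example's own assumptions. Joe Sandbox prints unresolved
arguments as "?" and numeric constants as 8 hex digits."""
import re
from dataclasses import dataclass

# One trace line looks like: Name.MODULE(arg,arg,...), ref: ADDR
_CALL_RE = re.compile(
    r"(?P<api>[^.(\s]+)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# Win32 constants the rules need (values from the SDK headers).
CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_MASK = 0xF0   # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
HIVES = {0x80000001: "HKCU", 0x80000002: "HKLM"}
CSIDL = {0x05: "CSIDL_PERSONAL", 0x26: "CSIDL_PROGRAM_FILES"}

@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int

def parse_trace(text: str) -> list:
    """Turn the report's bullet lines into Call records; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _CALL_RE.search(line.strip().lstrip("• "))
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16)))
    return calls

def as_int(tok: str):
    """Decode an 8-hex-digit argument; string arguments and '?' give None."""
    return int(tok, 16) if re.fullmatch(r"[0-9A-F]{8}", tok) else None

def early_bird_apc(calls) -> bool:
    """In order: CreateProcess* with CREATE_SUSPENDED, VirtualAllocEx with an
    executable protection, WriteProcessMemory, QueueUserAPC, ResumeThread."""
    stage = 0
    for c in calls:
        if stage == 0 and c.api.startswith("CreateProcess"):
            flags = as_int(c.args[5]) if len(c.args) > 5 else None
            stage = 1 if flags is not None and flags & CREATE_SUSPENDED else 0
        elif stage == 1 and c.api == "VirtualAllocEx":
            prot = as_int(c.args[4]) if len(c.args) > 4 else None
            stage = 2 if prot is not None and prot & PAGE_EXECUTE_MASK else 1
        elif stage == 2 and c.api == "WriteProcessMemory":
            stage = 3
        elif stage == 3 and c.api == "QueueUserAPC":
            stage = 4
        elif stage == 4 and c.api == "ResumeThread":
            return True
    return False

def registry_value_writes(calls) -> list:
    """(key, value name) pairs written with RegSetValueEx*. Handles print as
    '?', so a write is attributed to the most recently created/opened key."""
    writes, key = [], None
    for c in calls:
        if c.api.startswith(("RegCreateKey", "RegOpenKeyEx")) and len(c.args) > 1:
            hive = HIVES.get(as_int(c.args[0]), "0x" + c.args[0])
            key = f"{hive}\\{c.args[1]}"
        elif c.api.startswith("RegSetValueEx") and key and len(c.args) > 1:
            writes.append((key, c.args[1]))
    return writes

def drop_folders(calls) -> list:
    """Known folders resolved by SHGetFolderPathA and then used by CopyFileA."""
    folders, pending = [], None
    for c in calls:
        if c.api == "SHGetFolderPathA" and len(c.args) > 1:
            pending = CSIDL.get(as_int(c.args[1]), "CSIDL_" + c.args[1])
        elif c.api == "CopyFileA" and pending:
            folders.append(pending)
            pending = None
    return folders

# Constructed input: lines copied verbatim from the report's "APIs" lists.
INJECTION_TRACE = """
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
• VirtualAllocEx.KERNELBASE(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
• WriteProcessMemory.KERNELBASE(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
• QueueUserAPC.KERNELBASE(00000000,?,00000000,?,?,74DE9350), ref: 10005536
• ResumeThread.KERNELBASE(?,?,?,74DE9350), ref: 10005543
"""
DROPPER_TRACE = """
• SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
• CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
• SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
• CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
"""
REGISTRY_TRACE = """
• RegCreateKeyA.ADVAPI32(80000002,SYSTEM\\Setup,?), ref: 100051B6
• RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
• RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
"""

if __name__ == "__main__":
    print("early bird APC:", early_bird_apc(parse_trace(INJECTION_TRACE)))
    print("registry writes:", registry_value_writes(parse_trace(REGISTRY_TRACE)))
    print("drop folders:", drop_folders(parse_trace(DROPPER_TRACE)))
```

The sandbox resolves the format string only as "%s\msiexec.exe" (see the String ID of the PuppetProcess function), so the practical hunt artefact is a copy of msiexec.exe under the user's Documents folder and under Program Files rather than in System32 or SysWOW64, plus the two values under HKLM\SYSTEM\Setup.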

      Control-flow Graph

      APIs
      • socket.WS2_32(00000002,00000001,00000006), ref: 0040121C
      • gethostbyname.WS2_32(?), ref: 0040123F
      • htons.WS2_32(?), ref: 0040124F
      • GetProcAddress.KERNEL32(74D60000,connect), ref: 00401270
      • connect.WS2_32(?,?,00000010), ref: 00401281
      • ResetEvent.KERNEL32(?), ref: 0040128C
      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 0040129B
      • CreateThread.KERNELBASE(00000000,00000000,Function_000012D0,?,00000000,00000000), ref: 004012B1
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: AddressCreateEventObjectProcResetSingleThreadWaitconnectgethostbynamehtonssocket
      • String ID: connect
      • API String ID: 3219754876-1959786783
      • Opcode ID: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction ID: a7ec17a1c9397f4a8347c85be3d4e262ab070995ff1524a48aaa81642f70005b
      • Opcode Fuzzy Hash: 4c41718f995511b4e19e61dbe1beb07ff7b72ff6a41332ec730e158978cf068d
      • Instruction Fuzzy Hash: C2118135640701ABD310EF68DC49F1BB7A8FB88711F104A6DF265F62E0C774A5148B59
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      257  1000e530-1000e547
      258  1000e550-1000e56a  RegOpenKeyExA   257->258
      259  1000e5ab-1000e5bb  call 1000e390, Sleep   258->259
      260  1000e56c-1000e586  RegQueryValueExA   258->260 259->258
      262  1000e5a0-1000e5a5  RegCloseKey   260->262
      263  1000e588-1000e59e  RegCloseKey, Sleep   260->263 262->259 263->258
      APIs
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.KERNELBASE(?), ref: 1000E58D
      • Sleep.KERNELBASE(00000BB8), ref: 1000E598
      • RegCloseKey.ADVAPI32(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
      • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
      • Opcode Fuzzy Hash: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
      • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls)
      265  24707e8-2470849  call 2470718, call 24707c8, LoadLibraryA
      APIs
      • LoadLibraryA.KERNELBASE(?,00000000,00000072), ref: 02470844
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: A$b$d$i$o$y
      • API String ID: 1029625771-4132616007
      • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction ID: 0d76cbd2e7c75cf29b1d5d4a4fa2dfb5db0a60163cc52bdb08d1b26ca8c49474
      • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
      • Instruction Fuzzy Hash: BDF0975400D3C1AED342E769944569FBFD61BE2644F48CC8CE4D81B243D2BA965CC773
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      270  10005720-1000575c  CreateToolhelp32Snapshot, Process32First
      271  1000575e   270->271
      272  1000578f-100057a7  FindCloseChangeNotification, call 1000fb3c   270->272
      274  10005760-10005773  _mbsicmp   271->274
      275  10005775-10005785  Process32Next   274->275
      276  10005789   274->276 275->274
      278  10005787   275->278 276->272 278->272
      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
      • Process32First.KERNEL32(00000000,00000128), ref: 10005754
      • _mbsicmp.MSVCR100 ref: 10005768
      • Process32Next.KERNEL32(00000000,?), ref: 1000577D
      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
      • String ID: 360Tray.exe
      • API String ID: 169230292-3639442380
      • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
      • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
      • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
      Uniqueness

      Uniqueness Score: -1.00%
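The "String ID" fields scattered over the function blocks above carry most of what an analyst would hunt for: the token function requests fourteen privileges including SeDebugPrivilege, the dropper compares running process names against 360Tray.exe, 2345SafeTray.exe, HipsTray.exe, QQPCTray.exe and kxetray.exe, the recv routine embeds 206.238.220.90, and the registry routines name SYSTEM\Setup and Software\Microsoft\Windows\CurrentVersion\Run. The script below, an added example and not code from Joe Sandbox or the sample, parses that "$"-separated field and merges the strings of all functions into hunt buckets. The input lines are copied from this report; the list of security-product tray processes and the bucket names are this example's assumptions. Registry value names such as BITS, Host and IsSystemUpgradeComponentRegistered land in the "other" bucket on purpose: the string set alone does not say which key they belong to, only the API trace does.

```python
"""Hunt indicators consolidated from the "String ID" lines of a Joe Sandbox
report. Added example; not part of Joe Sandbox or of the analysed sample.
Input lines are copied from this report; the security-product list and the
bucket names are this example's assumptions."""
import ipaddress

# Assumption: tray processes of the security products the sample looks for.
SECURITY_TRAY_PROCESSES = {"360tray.exe", "2345safetray.exe", "hipstray.exe",
                           "qqpctray.exe", "kxetray.exe"}
BUCKETS = ("security_products", "privileges", "ipv4", "registry_keys",
           "file_templates", "switches", "other")

def string_ids(line: str) -> list:
    """'• String ID: a$b$c' -> ['a', 'b', 'c']. '$' separates entries; the
    empty entry produced by a leading '$' is dropped."""
    body = line.split("String ID:", 1)[1]
    return [s.strip() for s in body.split("$") if s.strip()]

def is_ipv4(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False

def classify(strings) -> dict:
    """Sort one function's strings into hunt buckets (first match wins)."""
    out = {b: set() for b in BUCKETS}
    for s in strings:
        low = s.lower()
        if low in SECURITY_TRAY_PROCESSES:
            out["security_products"].add(s)
        elif s.startswith("Se") and s.endswith("Privilege"):
            out["privileges"].add(s)
        elif is_ipv4(s):
            out["ipv4"].add(s)
        elif low.startswith(("software\\", "system\\")):
            out["registry_keys"].add(s)
        elif s.startswith("-"):
            out["switches"].add(s)
        elif low.endswith(".exe") or "%s" in s:
            out["file_templates"].add(s)
        else:
            out["other"].add(s)   # value names, debug strings, single chars
    return out

def merge(lines) -> dict:
    """Union of the buckets over every 'String ID' line handed in."""
    total = {b: set() for b in BUCKETS}
    for line in lines:
        for b, values in classify(string_ids(line)).items():
            total[b] |= values
    return total

# Constructed input: 'String ID' lines copied verbatim from this report.
REPORT_STRING_LINES = [
    r"• String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege",
    r"• String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4",
    r"• String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe",
    r"• String ID: 206.238.220.90$Failed to get address of recv function$recv",
    r"• String ID: BITS$Host$SYSTEM\Setup",
    r"• String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run",
    r"• String ID: 360Tray.exe",
]

if __name__ == "__main__":
    for bucket, values in merge(REPORT_STRING_LINES).items():
        print(bucket, sorted(values))
```

The privilege bucket is worth reading together with the Toolhelp32 and TerminateProcess APIs of the same function: SeDebugPrivilege is what lets OpenProcess succeed against processes the caller does not own, which is the prerequisite for killing the tray processes named in the dropper.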

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      279  1000e549
      280  1000e550-1000e56a  RegOpenKeyExA   279->280
      281  1000e5ab-1000e5bb  call 1000e390, Sleep   280->281
      282  1000e56c-1000e586  RegQueryValueExA   280->282 281->280
      284  1000e5a0-1000e5a5  RegCloseKey   282->284
      285  1000e588-1000e59e  RegCloseKey, Sleep   282->285 284->281 285->280
      APIs
      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
      • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
      • RegCloseKey.KERNELBASE(?), ref: 1000E58D
      • Sleep.KERNELBASE(00000BB8), ref: 1000E598
      • RegCloseKey.ADVAPI32(?), ref: 1000E5A5
      • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
      Strings
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
      • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseSleep$OpenQueryValue
      • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 3341780449-3687489623
      • Opcode ID: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
      • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
      • Opcode Fuzzy Hash: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
      • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      287  401770-4017c5  OutputDebugStringA, #823
      288  4017d2   287->288
      289  4017c7-4017c9  call 401080   287->289
      291  4017d4-4017e5  call 4011f0   288->291
      292  4017ce-4017d0   289->292
      295  4017f5-401803   291->295
      296  4017e7-4017f0  call 401130   291->296 292->291
      297  401813-40182c  Sleep   295->297
      298  401805-401811  Sleep   295->298 296->295 298->297 298->298
      APIs
      • OutputDebugStringA.KERNELBASE(Mfc), ref: 0040178F
      • #823.MFC42(0009B508), ref: 004017AF
      • Sleep.KERNELBASE(00000064,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401807
      • Sleep.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,004026BB,000000FF), ref: 00401815
        • Part of subcall function 00401080: WSAStartup.WS2_32(00000202,?), ref: 004010A6
        • Part of subcall function 00401080: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010B3
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: Sleep$#823CreateDebugEventOutputStartupString
      • String ID: Mfc
      • API String ID: 3196058339-1612659522
      • Opcode ID: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction ID: 4e81b0ca89eaf2c811d033bf8b2def4f79f93be1ff23169893ae51c573424b6d
      • Opcode Fuzzy Hash: bebb76b723997918654a999a69f69a20b33b32606a1c900f57b52688f8bd6edc
      • Instruction Fuzzy Hash: 8811E7712047419BC710EB299D01747B7E8AF84B60F10863EF865E77E0E778D5058B9A
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls; "a->b" edges as listed by the plugin)
      300  24701a8-24701d2  call 2470858
      303  24702b7-24702bb   300->303
      304  24701d8-24701da   300->304
      305  24701dd-24701f9   304->305
      306  2470214-2470263   305->306
      307  24701fb-247020f  VirtualFree   305->307
      309  2470265   306->309
      310  2470268-247026d   306->310
      308  2470295-24702af   307->308 308->305
      311  24702b5-24702b6   308->311 309->310
      312  2470281   310->312
      313  247026f-2470271   310->313 311->303 312->308
      314  2470283-2470292  VirtualProtect   312->314
      315  2470273-2470276   313->315
      316  2470278-247027a   313->316
      317  247027f   315->317 316->308
      318  247027c   316->318 317->312 318->317
      APIs
      • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 0247020C
      • VirtualProtect.KERNELBASE(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 02470292
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Virtual$FreeProtect
      • String ID: $@
      • API String ID: 2581862158-1077428164
      • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction ID: 2482dee0531a0fa68407227a57df3142aed217533e5935c3f882534c2c03ab9f
      • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
      • Instruction Fuzzy Hash: 57318BB16053018FD704CF18C454BABB7E6FF88308F409A0DE99AAB380E775E945CB92
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph (one basic block per line: node id, address range, calls)
      319  4014a0-401511  #1134, #2621, call 401830, #2514, #641
      APIs
      • #1134.MFC42(00000000), ref: 004014BD
      • #2621.MFC42 ref: 004014C7
        • Part of subcall function 00401830: #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
        • Part of subcall function 00401830: #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
        • Part of subcall function 00401830: #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
        • Part of subcall function 00401830: LoadIconA.USER32(00000000,00000080), ref: 0040187E
      • #2514.MFC42 ref: 004014EA
      • #641.MFC42 ref: 004014FB
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: #1134#1146#1168#2514#2621#324#641IconLoad
      • String ID:
      • API String ID: 1043086884-0
      • Opcode ID: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction ID: 9ac1edc087fe73fa880d4135cd06f65b566d67c54fc8b22c3b4d24c0721ffe3b
      • Opcode Fuzzy Hash: efa230d1079e9de0d29f679f868029c9d7f9f27ec93580d8432ab6c15d55fb81
      • Instruction Fuzzy Hash: F6F0F0715047809BD714EB24CE06B4AB7E4BB44B24F100B3EF1A5672D0EFBC9901CB82
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #324.MFC42(00000066,00000000,?,?,00000000,004026D8,000000FF,004014D7,00000000), ref: 00401854
      • #1168.MFC42(00000066,00000000,?,?,00000000), ref: 00401867
      • #1146.MFC42(00000080,0000000E,00000080,00000066,00000000,?,?,00000000), ref: 00401878
      • LoadIconA.USER32(00000000,00000080), ref: 0040187E
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: #1146#1168#324IconLoad
      • String ID:
      • API String ID: 193567849-0
      • Opcode ID: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction ID: 82116a89cb9603d1ca7d6e139d9602a0a07866cbfa2ff2280934cd3600aa4aee
      • Opcode Fuzzy Hash: ae38331880f904f8940b0db11f786ac260f9ac9c5cb01ac82e5bf28cb00e4633
      • Instruction Fuzzy Hash: B0F05EB1644B50BFD3509F59CE06B1ABAA8FB04B20F008A2EF591A77C0D7FD44008B59
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • malloc.MSVCRT ref: 0040119A
      • VirtualProtect.KERNELBASE(00000000,0004DA78,00000040,?,?), ref: 004011CA
      • CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004011DA
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: CreateProtectThreadVirtualmalloc
      • String ID:
      • API String ID: 2647532177-0
      • Opcode ID: 58e15c8924ea8972c0800c7eea9696be7e5e5a9940ce2bf40b2c29b7faeb2bc2
      • Instruction ID: 8d9e41f2d670fbd8d0276bcc6d95a4163a15de53510f7612398299b8bb56db8a
      • Opcode Fuzzy Hash: 58e15c8924ea8972c0800c7eea9696be7e5e5a9940ce2bf40b2c29b7faeb2bc2
      • Instruction Fuzzy Hash: 7BF0E5F37852003FF2101A99AC8AFD7178CE384766F20003BF706AA2D0D9F99D40436A
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction ID: d362157ff412a61234cb389aaa7b3a8e57612e51b40511bbba4193dde7782257
      • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
      • Instruction Fuzzy Hash: A641D6B23422006FE710DF69EC84FBB77A9EF84766F10456BFA15C6680EB71D8058B61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAStartup.WS2_32(00000202,?), ref: 004010A6
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010B3
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: CreateEventStartup
      • String ID:
      • API String ID: 1546077022-0
      • Opcode ID: 11ed0e13db0c9aa82ccec19946252118a18e06037faf82fb9460f87969fb909b
      • Instruction ID: 394aeb8d342db8c09de8ab0d868a5f1eb1c33a91e9f2f4e1ea264a5cc676e037
      • Opcode Fuzzy Hash: 11ed0e13db0c9aa82ccec19946252118a18e06037faf82fb9460f87969fb909b
      • Instruction Fuzzy Hash: 0FF08C71200700AFE3309F1ACD19AA7FBECEBC9B11F40892EA5A5922A0D6B465088B51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • send.WS2_32(?,?,?,00000000), ref: 00401140
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: send
      • String ID:
      • API String ID: 2809346765-0
      • Opcode ID: cebc3933129569c27d3d0589123bb3a8c2f73757960158b94bd0f1ea6564c612
      • Instruction ID: 488cd9bb20f7c348d2eb7601e379ff2d51877881b147a6325f195ce6f5550ca2
      • Opcode Fuzzy Hash: cebc3933129569c27d3d0589123bb3a8c2f73757960158b94bd0f1ea6564c612
      • Instruction Fuzzy Hash: 4FD012BA301201BBD344CB68DC88F1BB7ECAB88711F20C46CB18AD72A0C630EC51CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #1576.MFC42(004025D4,004025D4,004025D4,004025D4,004025D4,00000000,?,0000000A), ref: 00402642
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: #1576
      • String ID:
      • API String ID: 1976119259-0
      • Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
      • Instruction ID: ea4b61c8fcc58801f2f0c1502973059dbf9fdf1f53245db7a8e72a95c914a700
      • Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
      • Instruction Fuzzy Hash: B4B00836018386ABCB06DE91890592ABAA2BB98344F494D5EB6A1500A187668428AB16
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNELBASE(?,?,00001000,00000004,?,00000000,00000000,00000000,?,02470544,?,?,00000000,?,?,?), ref: 02470169
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
      • Instruction ID: 9604e402c736e81ceccb20d5bc65a2dc2d2588e8703d7daaaf4ebddafc617940
      • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
      • Instruction Fuzzy Hash: 892168B1600201AFE314CF19CC84B5AF3E9FF88305F10982EE59997341D7B1E895CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 02477000
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 02477025
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02477039
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 02477084
      • CopyFileA.KERNEL32(?,?,00000000), ref: 024770BA
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0247711F
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477140
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477168
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477182
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0247718F
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      • Opcode ID: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
      • Instruction ID: a503da5347d0f3cbcdaf30499e0f7f68ea3b2c5ce6951b11827e2533344aa68d
      • Opcode Fuzzy Hash: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
      • Instruction Fuzzy Hash: 077154F1900228AFEB25DB64CCD4EEA77BDEB48704F40859AF60997141DA709F94CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: MetricsSystem$#2379#470#755ClientDrawIconIconicMessageRectSend
      • String ID:
      • API String ID: 1397574227-0
      • Opcode ID: ba6df198c9fee10706e9f92bd5aec66db6e2c29323b93016af3720700b76ce6b
      • Instruction ID: 89e8adb469d91a838e668cb5929babd5a6835129643cd87033e24c9b0d28c74b
      • Opcode Fuzzy Hash: ba6df198c9fee10706e9f92bd5aec66db6e2c29323b93016af3720700b76ce6b
      • Instruction Fuzzy Hash: 46117F712142055FC614DF38DD49D6BBBEDFBC8305F084A2DB585D3290DA78E905CB55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 10010108
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
      • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
      • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
      • TerminateProcess.KERNEL32(00000000), ref: 1001014B
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 3369434319-0
      • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction ID: 3dd05fdeb98c840c3ac9c3c292ea311adfb4bbb0d0e4fad1bae5c61b1b3eb1b5
      • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction Fuzzy Hash: 3521DDB8902A24DFF701DF65CDC56443BB6FB1C344F52801AE5088B26AE7B1E980CF09
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32 ref: 02481D54
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02481D69
      • UnhandledExceptionFilter.KERNEL32(10012404), ref: 02481D74
      • GetCurrentProcess.KERNEL32(C0000409), ref: 02481D90
      • TerminateProcess.KERNEL32(00000000), ref: 02481D97
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 2579439406-0
      • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction ID: cfb9f55990cd1cea6a1a0b2fb0e88753268d50b32e2d9a04967d849c86aebca0
      • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
      • Instruction Fuzzy Hash: 3921DAB8812620DFF701EF65CDC46583BB6BB0C304F51801AEA0887325E7B1E881CF04
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #3097.MFC42(000003E8,004054D4), ref: 00401B9E
      • #3097.MFC42(000003E9,004054D0,000003E8,004054D4), ref: 00401BAF
      • _mbscmp.MSVCRT ref: 00401BC7
      • #5953.MFC42(000003EB,0040537C), ref: 00401BDC
      • #5953.MFC42(000003E8,004054E4,000003EB,0040537C), ref: 00401BED
      • #5953.MFC42(000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401BFE
      • #3092.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C0A
      • #5981.MFC42(000003E8,000003E9,004054E4,000003E8,004054E4,000003EB,0040537C), ref: 00401C11
      • _mbscmp.MSVCRT ref: 00401C27
      • #5953.MFC42(000003EB,00405360), ref: 00401C3C
      • #3092.MFC42(000003E8,000003EB,00405360), ref: 00401C48
      • #5981.MFC42(000003E8,000003EB,00405360), ref: 00401C4F
      • #3097.MFC42(000003EA,004054CC), ref: 00401D51
      • _mbscmp.MSVCRT ref: 00401D63
      • #5953.MFC42(000003EB,00405314), ref: 00401D7C
      • #5953.MFC42(000003EA,004054E4,000003EB,00405314), ref: 00401D8D
      • #3092.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401D99
      • #5981.MFC42(000003EA,000003EA,004054E4,000003EB,00405314), ref: 00401DA0
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: #5953$#3092#3097#5981_mbscmp
      • String ID: Shell_TrayWnd
      • API String ID: 2345305820-2988720461
      • Opcode ID: 455f8c89fc2bb1981af9a10776c35603da655b530fda02b23260adbf773b6009
      • Instruction ID: 09eca0634b82c8f294e250b21cdabe85b7eb0dae3ff9de2663f7faa7e097ef5a
      • Opcode Fuzzy Hash: 455f8c89fc2bb1981af9a10776c35603da655b530fda02b23260adbf773b6009
      • Instruction Fuzzy Hash: 15513B307C0B1177E9667735AE9BF6E2509AB80F0AF10013EBA017E2D2CEFC56419A4D
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0247FB09
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0247FB26
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0247FBE5
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0247FC24
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0247FC63
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0247FCA2
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0247FCE1
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0247FD20
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0247FD5F
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0247FD9E
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0247FDDD
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0247FE1C
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0247FE5B
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0247FE9A
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0247FED9
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0247FF29
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0247FF3D
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0247FF6B
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0247FF88
      • CloseHandle.KERNEL32(?), ref: 0247FFA6
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0247FFC1
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$Process$CloseHandleOpenToken$InformationLengthMessagePostTerminateThread
      • String ID:
      • API String ID: 1335550552-3916222277
      • Opcode ID: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
      • Instruction ID: 1e4a7c953243b4ef6605ba5e8ed24bf24b389d46f5bc3d551783e63e753fc577
      • Opcode Fuzzy Hash: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
      • Instruction Fuzzy Hash: CF12A6B1E40219ABEB14CFD5CD81BEEBBB5FF48700F10851AE615BB284D7B0AA05CB55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 10005646
      • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
      • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
      • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
      • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
      • CloseHandle.KERNEL32(?), ref: 100056F2
      • FreeLibrary.KERNEL32(00000000), ref: 100056FD
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
      • API String ID: 3440622277-1578001699
      • Opcode ID: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
      • Instruction ID: 97513855ba7d5b96b8eea992fadbc770b1a1e9ea9204260f57e06f18dc82c778
      • Opcode Fuzzy Hash: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
      • Instruction Fuzzy Hash: 1531AFB5A01218ABEB10DBB4DD89BEEBBB8EF49641F104119FA05B7280DB71D910CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 10002E7C
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
      • timeGetTime.WINMM ref: 10002E8E
      • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
      • gethostbyname.WS2_32(?), ref: 10002EDF
      • htons.WS2_32(?), ref: 10002EF8
      • connect.WS2_32(?,?,00000010), ref: 10002F16
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
      • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
      • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
      • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
      • _beginthreadex.MSVCR100 ref: 10002FF6
      • _beginthreadex.MSVCR100 ref: 1000300B
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 2079111011-3203441087
      • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
      • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
      • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
      • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memset.MSVCR100 ref: 1000F659
      • memset.MSVCR100 ref: 1000F66C
      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 1000F68F
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
        • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Closememset$Open
      • String ID: %08X$Host
      • API String ID: 4198983563-2867006347
      • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
      • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
      • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
      • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • wsprintfA.USER32 ref: 1000DA17
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
      • GetLastError.KERNEL32 ref: 1000DA38
      • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
      • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
      • exit.MSVCR100 ref: 1000DA55
      • GetTickCount.KERNEL32 ref: 1000DAA0
      • GetTickCount.KERNEL32 ref: 1000DABB
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
      • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
      • CloseHandle.KERNEL32(?), ref: 1000DBE8
      • CloseHandle.KERNEL32(?), ref: 1000DC0B
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
      • String ID: %d:%d
      • API String ID: 3209965405-4036436701
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,B83884DB,745947A0,?,?,00000001), ref: 10004AE6
      • EnterCriticalSection.KERNEL32(?,B83884DB,745947A0,?,?,00000001), ref: 10004B0D
      • SetLastError.KERNEL32(0000139F), ref: 10004B21
      • LeaveCriticalSection.KERNEL32(?), ref: 10004B28
      • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
      • String ID: 8P@
      • API String ID: 801014965-425619966
      • Opcode ID: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction ID: 3db1f6a25215d20146fe9d205761b81edacfa20296a2621411912f9a6318d064
      • Opcode Fuzzy Hash: 8498408c8425d3ed6747d28634787dc7c4251bf7b6037aa3f240537cf403f7b7
      • Instruction Fuzzy Hash: B7416CB1840744AFCB249FA4DE59AAA7BBCEB09711F20057FE841B72D1D7B859408F5C
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 02474AC8
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02474AD4
      • timeGetTime.WINMM ref: 02474ADA
      • socket.WS2_32(00000002,00000001,00000006), ref: 02474B07
      • gethostbyname.WS2_32(?), ref: 02474B2B
      • htons.WS2_32(?), ref: 02474B44
      • connect.WS2_32(?,?,00000010), ref: 02474B62
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 02474C16
      • InterlockedExchange.KERNEL32(?,00000001), ref: 02474C1F
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
      • String ID: 0u
      • API String ID: 3940796591-3203441087
      • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction ID: 611cbf44302a6ac7f9b6013d4575fc34d213360277f2430e2f2596d4a6d17120
      • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
      • Instruction Fuzzy Hash: C0514BB1640704ABE720DFA5CC85FAAB7F8FF48B10F108619F656A76D0D7B0A904CB64
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,B83884DB,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
      • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
      • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
      • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
      • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
      • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
      • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
      • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
      • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID: bad cast
      • API String ID: 3682899576-3145022300
      • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
      • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
      • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,10016034,10012308,?,?,00000001), ref: 02476732
      • RtlEnterCriticalSection.NTDLL(?), ref: 02476759
      • SetLastError.KERNEL32(0000139F), ref: 0247676D
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02476774
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$EnterLeave
      • String ID:
      • API String ID: 2124651672-0
      • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction ID: 62f1ff3e401cd15af1c078aaec9a2fded7f4da87439770cfb8f319316842876e
      • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
      • Instruction Fuzzy Hash: CA517BB6A047049FD714DFA8C884BAABBF5FB48711F008A2EE91AC3B51D735E410CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • wsprintfA.USER32 ref: 0247F663
      • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0247F678
      • GetLastError.KERNEL32 ref: 0247F684
      • ReleaseMutex.KERNEL32(00000000), ref: 0247F692
      • CloseHandle.KERNEL32(00000000), ref: 0247F699
      • GetTickCount.KERNEL32 ref: 0247F6EC
      • GetTickCount.KERNEL32 ref: 0247F707
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0247F745
      • TerminateThread.KERNEL32(?,000000FF), ref: 0247F826
      • CloseHandle.KERNEL32(?), ref: 0247F834
      • CloseHandle.KERNEL32(?), ref: 0247F857
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
      • String ID:
      • API String ID: 583979846-0
      • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction ID: 0e2d257810592865a5644f7c9765eaa4d444a4ab875869f6454a22be882f7f1f
      • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
      • Instruction Fuzzy Hash: 6A518DB1508B919FD720DF68CC84BDBB7E9FB88711F01461DE55A87290C7709855CF92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • Sleep.KERNEL32(00000064), ref: 10002D1D
      • CloseHandle.KERNEL32(?), ref: 10002D33
      • CloseHandle.KERNEL32(?), ref: 10002D3D
      • CloseHandle.KERNEL32(?), ref: 10002D47
      • WSACleanup.WS2_32 ref: 10002D49
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: FreeVirtual$CloseHandle$CleanupSleep
      • String ID:
      • API String ID: 21600312-0
      • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
      • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
      • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(B83884DB,0000002D,?,00000000,?), ref: 1000BFAD
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,B83884DB,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,B83884DB,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,B83884DB,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 1881732901-0
      • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
      • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
      • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02475A51
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02475A9C
      • send.WS2_32(0247574F,?,?,00000000), ref: 02475ABA
      • RtlEnterCriticalSection.NTDLL(?), ref: 02475ACD
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02475AE0
      • HeapFree.KERNEL32(00000000,00000000,?,?,0247574F), ref: 02475B08
      • WSAGetLastError.WS2_32(?,0247574F), ref: 02475B13
      • RtlEnterCriticalSection.NTDLL(?), ref: 02475B27
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02475B60
      • HeapFree.KERNEL32(00000000,00000000,?,?,0247574F), ref: 02475B9D
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: 6555f90c5cd289c9625bcfa42bb3446f78990005aed94b1904a30f5861739d6c
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: C041F6B16047049FD724CF78C8C8AA7B7F8BB49304F84896EE96ACB250D730E8558B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,00000001,00000001,?,10003B03), ref: 10003E05
      • LeaveCriticalSection.KERNEL32(?,?,10003B03), ref: 10003E50
      • send.WS2_32(10003B03,?,?,00000000), ref: 10003E6E
      • EnterCriticalSection.KERNEL32(?), ref: 10003E81
      • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003EBC
      • WSAGetLastError.WS2_32(?,10003B03), ref: 10003EC7
      • EnterCriticalSection.KERNEL32(?,?,10003B03), ref: 10003EDB
      • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
      • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003F51
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
      • String ID:
      • API String ID: 1701177279-0
      • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
      • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
      • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
        • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
        • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
      • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
      • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
      • _beginthreadex.MSVCR100 ref: 10003615
      • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
      • SetLastError.KERNEL32(00000000), ref: 10003661
      • GetLastError.KERNEL32 ref: 10003679
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • SetLastError.KERNEL32(00000000), ref: 10003689
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
      • String ID:
      • API String ID: 2811472597-0
      • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
      • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
      • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
      Uniqueness

      Uniqueness Score: -1.00%
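      The two Winsock functions above are easier to read once their numeric arguments are named: the function traced at 02474AC8..02474C1F calls socket(2,1,6), then connect, then WSAIoctl with control code 0x98000004 and a 0x0C-byte input buffer, and the function traced at 100035DA/100035F3 calls setsockopt twice with level 0xFFFF and option names 0x1001 and 0x1002. The following decoder is an added example written for this report, not output of Joe Sandbox and not code from the sample; the constant values come from the Windows SDK headers (winsock2.h, mstcpip.h), the call addresses are copied from the traces, and the keepalive buffer at the end is a constructed sample because the report does not record the buffer contents.

```python
import struct

# Added example: decode the Winsock arguments recorded in the report's call traces.
# Constant values are taken from the Windows SDK headers (winsock2.h, mstcpip.h), not from the report.
ADDRESS_FAMILY = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOL = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}

SOL_SOCKET, IPPROTO_TCP_LEVEL = 0xFFFF, 6
SOCKOPT_NAMES = {
    (SOL_SOCKET, 0x0008): "SO_KEEPALIVE",
    (SOL_SOCKET, 0x1001): "SO_SNDBUF",
    (SOL_SOCKET, 0x1002): "SO_RCVBUF",
    (SOL_SOCKET, 0x1005): "SO_SNDTIMEO",
    (SOL_SOCKET, 0x1006): "SO_RCVTIMEO",
    (IPPROTO_TCP_LEVEL, 0x0001): "TCP_NODELAY",
}

# WSAIoctl control codes are bit-fields: direction | family | (size, for _IOR/_IOW codes) | function number.
IOC_VOID, IOC_OUT, IOC_IN = 0x20000000, 0x40000000, 0x80000000
IOC_DIRECTION = {IOC_VOID: "IOC_VOID", IOC_OUT: "IOC_OUT", IOC_IN: "IOC_IN", IOC_IN | IOC_OUT: "IOC_INOUT"}
IOC_FAMILY = {0x00000000: "IOC_UNIX", 0x08000000: "IOC_WS2", 0x10000000: "IOC_PROTOCOL", 0x18000000: "IOC_VENDOR"}
SIO_NAMES = {
    0x8004667E: "FIONBIO",                              # _IOW('f', 126, u_long)
    0x98000001: "SIO_RCVALL",                           # _WSAIOW(IOC_VENDOR, 1)
    0x98000004: "SIO_KEEPALIVE_VALS",                   # _WSAIOW(IOC_VENDOR, 4)
    0xC8000006: "SIO_GET_EXTENSION_FUNCTION_POINTER",   # _WSAIORW(IOC_WS2, 6)
}
TCP_KEEPALIVE_FMT = "<III"   # struct tcp_keepalive { u_long onoff; u_long keepalivetime; u_long keepaliveinterval; }
TCP_KEEPALIVE_SIZE = struct.calcsize(TCP_KEEPALIVE_FMT)   # 12 bytes


def decode_socket(af, stype, proto):
    return (ADDRESS_FAMILY.get(af, hex(af)), SOCKET_TYPE.get(stype, hex(stype)), PROTOCOL.get(proto, hex(proto)))


def decode_setsockopt(level, optname, optlen):
    level_name = "SOL_SOCKET" if level == SOL_SOCKET else PROTOCOL.get(level, hex(level))
    return (level_name, SOCKOPT_NAMES.get((level, optname), hex(optname)), optlen)


def decode_ioctl(code, in_len=None):
    """Split a control code into its fields and, when the input length is known,
    check it against the structure the named code expects."""
    info = {
        "name": SIO_NAMES.get(code, hex(code)),
        "direction": IOC_DIRECTION.get(code & 0xE0000000, "?"),
        "family": IOC_FAMILY.get(code & 0x18000000, "?"),
        "size_field": (code >> 16) & 0x7F,   # only meaningful for _IOR/_IOW-style codes such as FIONBIO
        "number": code & 0xFFFF,
    }
    if code == 0x98000004 and in_len is not None:
        info["input_is_tcp_keepalive"] = (in_len == TCP_KEEPALIVE_SIZE)
    return info


def parse_tcp_keepalive(buf):
    """Interpret the 12-byte input buffer passed with SIO_KEEPALIVE_VALS."""
    if len(buf) != TCP_KEEPALIVE_SIZE:
        raise ValueError(f"expected {TCP_KEEPALIVE_SIZE} bytes, got {len(buf)}")
    onoff, keepalivetime, keepaliveinterval = struct.unpack(TCP_KEEPALIVE_FMT, buf)
    return {"onoff": onoff, "keepalivetime_ms": keepalivetime, "keepaliveinterval_ms": keepaliveinterval}


def decode_report_calls():
    """Argument values copied from the traces above; the report did not record the ioctl buffer."""
    return {
        "socket@02474B07": decode_socket(0x2, 0x1, 0x6),
        "WSAIoctl@02474C16": decode_ioctl(0x98000004, in_len=0x0C),
        "setsockopt@100035DA": decode_setsockopt(0xFFFF, 0x1001, 4),
        "setsockopt@100035F3": decode_setsockopt(0xFFFF, 0x1002, 4),
    }


# Constructed sample buffer (not from the report): keepalive on, 30 s idle time, 1 s between probes.
SAMPLE_KEEPALIVE = struct.pack(TCP_KEEPALIVE_FMT, 1, 30000, 1000)

if __name__ == "__main__":
    for call, decoded in decode_report_calls().items():
        print(call, decoded)
    print(parse_tcp_keepalive(SAMPLE_KEEPALIVE))
```

      The decoder shows that 0x98000004 is IOC_IN | IOC_VENDOR | 4, i.e. SIO_KEEPALIVE_VALS, and that the 0x0C input length matches sizeof(struct tcp_keepalive), so the function configures TCP keepalive on the outbound connection right after connect(). The idle time and probe interval it sets are not in the trace; recovering them needs the memory dump listed under Memory Dump Source or a debugger break on the WSAIoctl call.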

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 024769AF
      • RtlEnterCriticalSection.NTDLL(?), ref: 024769C4
      • WSASetLastError.WS2_32(00002746), ref: 024769D6
      • RtlLeaveCriticalSection.NTDLL(?), ref: 024769DD
      • timeGetTime.WINMM ref: 02476A0B
      • timeGetTime.WINMM ref: 02476A33
      • SetEvent.KERNEL32(?), ref: 02476A71
      • InterlockedExchange.KERNEL32(?,00000001), ref: 02476A7D
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02476A84
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02476A97
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: 2e50ba527e0da182c179f5b57b7b56ef2f97a3765c5bd52bdc03da6e4befd7fc
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: B541C3B1600B009FD720DF68C988BABB7EEFB49714F11C55AE49AC7361E735E8958B40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(0000000D), ref: 10004D63
      • EnterCriticalSection.KERNEL32(?), ref: 10004D78
      • WSASetLastError.WS2_32(00002746), ref: 10004D8A
      • LeaveCriticalSection.KERNEL32(?), ref: 10004D91
      • timeGetTime.WINMM ref: 10004DBF
      • timeGetTime.WINMM ref: 10004DE7
      • SetEvent.KERNEL32(?), ref: 10004E25
      • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E38
      • LeaveCriticalSection.KERNEL32(?), ref: 10004E4B
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
      • String ID:
      • API String ID: 1979691958-0
      • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
      • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
      • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ResetEvent.KERNEL32(?), ref: 10004443
      • ResetEvent.KERNEL32(?), ref: 1000444C
      • timeGetTime.WINMM ref: 1000444E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
      • ResetEvent.KERNEL32(?), ref: 100044C8
        • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
        • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
        • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
        • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
        • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
      • ResetEvent.KERNEL32(?), ref: 100044DC
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 542259498-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • LoadLibraryA.KERNEL32(?), ref: 02477292
      • GetCurrentProcess.KERNEL32(00000028,?), ref: 024772C7
      • LoadLibraryA.KERNEL32(10012638), ref: 0247731F
      • CloseHandle.KERNEL32(?), ref: 0247733E
      • FreeLibrary.KERNEL32(00000000), ref: 02477349
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Library$Load$CloseCurrentFreeHandleProcess
      • String ID: .dll$Adva$pi32
      • API String ID: 1168765234-3719434023
      • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction ID: 6b4f08e0eef8e375f41e84b8382cde1ef7468af078553bcc507e97fec2ae6406
      • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
      • Instruction Fuzzy Hash: AE31B1B1A41218ABDB10DFB4DD89BEEBBB8EF49701F10411AFA05B7240DB70D910CB64
      Uniqueness

      Uniqueness Score: -1.00%
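      The String ID of the LoadLibraryA/FreeLibrary function above lists three four-character fragments, ".dll", "Adva" and "pi32", which together spell Advapi32.dll; fragments of exactly four bytes are what a compiler emits when a string is built on the stack from 32-bit immediates instead of being stored in the data section, and the report appears to list them in sorted order, so their original sequence is lost. The value 0x28 in the stack snapshot next to GetCurrentProcess equals TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, the access mask usually paired with OpenProcessToken, but no such call appears in the trace, so treat that as a hypothesis to confirm in the disassembly rather than a finding. The block below is an added example for analysts working from this kind of listing; it is not report output and not code from the sample. It turns a suspected stack string into the little-endian immediates to search for in the dump, and reassembles sorted fragments into candidate names; the KNOWN_DLLS set is an assumed list of expected library names.

```python
import itertools
import re
import struct

# Added example: work with 4-byte stack-string fragments like the ones in the String ID above.
# KNOWN_DLLS is a small, assumed set of names an analyst expects; it is not data from the report.
KNOWN_DLLS = {"advapi32.dll", "kernel32.dll", "ntdll.dll", "user32.dll", "ws2_32.dll", "winmm.dll"}


def chunk_immediates(text, width=4):
    """Split text into width-byte chunks and return the little-endian immediate each chunk
    becomes in an x86 `mov dword ptr [ebp-N], imm32` store, which is the value to grep for
    in a disassembly or memory dump when the plain string is not present."""
    data = text.encode("ascii")
    out = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width].ljust(width, b"\0")   # trailing chunk is NUL-padded, as the compiler pads it
        out.append((chunk.rstrip(b"\0").decode("ascii"), struct.unpack("<I", chunk)[0]))
    return out


def reassemble(fragments, pattern=r"^[A-Za-z0-9_]+\.dll$"):
    """Try every ordering of the fragments (the report lists them sorted, so order is lost)
    and keep those that look like a DLL file name. Several orderings may pass the pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return sorted({"".join(p) for p in itertools.permutations(fragments) if rx.match("".join(p))})


def best_match(fragments):
    """Prefer the single candidate that is a well-known DLL name; otherwise return None
    together with all candidates so the analyst can decide."""
    candidates = reassemble(fragments)
    known = [c for c in candidates if c.lower() in KNOWN_DLLS]
    return (known[0] if len(known) == 1 else None), candidates


if __name__ == "__main__":
    frags = [".dll", "Adva", "pi32"]          # copied from the String ID line above
    print(best_match(frags))
    for chunk, imm in chunk_immediates("Advapi32.dll"):
        print(f"{chunk!r:8} -> {imm:#010x}")
```

      Note that the naive reassembly is ambiguous: "pi32Adva.dll" also matches the file-name pattern, which is why the candidates are checked against a list of expected names before one is reported. The immediates 0x61766441, 0x32336970 and 0x6C6C642E are what to look for in the disassembly around 02477292 to confirm the stack-string construction.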

      APIs
      • GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
      • BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
      • SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
      • SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
      • LocalFree.KERNEL32(?), ref: 00401FB9
      • LocalFree.KERNEL32(?), ref: 00401FC4
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: FreeInfoLocalNamedSecurity$AccessBuildEntriesExplicitNameWith
      • String ID: Administrators$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 232510436-309312000
      • Opcode ID: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction ID: da1d4f715cb7791bda5478defa030f0280aa6d463b88422718ffb321f1726b92
      • Opcode Fuzzy Hash: 53073c2b4bec189ce8b610d4c6f56d55612f92f2701c5ff9fb59f5ebaf8d7ac5
      • Instruction Fuzzy Hash: C0114DB16043066FE310CF65CD85E6BB7ACEBC4795F40483EFA44E6290D6B8DD088B66
      Uniqueness

      Uniqueness Score: -1.00%
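      The function traced at 00401F50..00401F9E is the most security-relevant one in this part of the listing: it reads the security descriptor of the Run key, builds one explicit access entry for "Administrators", merges it into the DACL with SetEntriesInAclA and writes the result back. The numeric arguments say what that entry is, and the decoder below names them. It is an added example written for this report, not Joe Sandbox output and not code from the sample; the constants come from the Windows SDK headers (winnt.h, accctrl.h) and the argument values are copied from the trace above.

```python
# Added example: decode the ADVAPI32 security-API arguments recorded in the trace above.
# Constants come from the Windows SDK headers (winnt.h, accctrl.h), not from the report.
SE_OBJECT_TYPE = {0: "SE_UNKNOWN_OBJECT_TYPE", 1: "SE_FILE_OBJECT", 2: "SE_SERVICE", 3: "SE_PRINTER",
                  4: "SE_REGISTRY_KEY", 5: "SE_LMSHARE", 6: "SE_KERNEL_OBJECT", 7: "SE_WINDOW_OBJECT"}
SECURITY_INFORMATION = {0x1: "OWNER_SECURITY_INFORMATION", 0x2: "GROUP_SECURITY_INFORMATION",
                        0x4: "DACL_SECURITY_INFORMATION", 0x8: "SACL_SECURITY_INFORMATION"}
ACCESS_MODE = {0: "NOT_USED_ACCESS", 1: "GRANT_ACCESS", 2: "SET_ACCESS", 3: "DENY_ACCESS",
               4: "REVOKE_ACCESS", 5: "SET_AUDIT_SUCCESS", 6: "SET_AUDIT_FAILURE"}
INHERITANCE_FLAGS = {0x1: "OBJECT_INHERIT_ACE", 0x2: "CONTAINER_INHERIT_ACE",
                     0x4: "NO_PROPAGATE_INHERIT_ACE", 0x8: "INHERIT_ONLY_ACE"}
INHERITANCE_ALIASES = {0x0: "NO_INHERITANCE", 0x1: "SUB_OBJECTS_ONLY_INHERIT",
                       0x2: "SUB_CONTAINERS_ONLY_INHERIT", 0x3: "SUB_CONTAINERS_AND_OBJECTS_INHERIT"}
KEY_RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK"}
STANDARD_RIGHTS = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
                   0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}
GENERIC_RIGHTS = {0x10000000: "GENERIC_ALL", 0x20000000: "GENERIC_EXECUTE",
                  0x40000000: "GENERIC_WRITE", 0x80000000: "GENERIC_READ"}
MASK_ALIASES = {0xF003F: "KEY_ALL_ACCESS", 0x20019: "KEY_READ", 0x20006: "KEY_WRITE"}
# Bits that let a trustee change the key's contents or its protection.
WRITE_BITS = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000   # KEY_SET_VALUE, KEY_CREATE_SUB_KEY, DELETE, WRITE_DAC, WRITE_OWNER


def split_flags(value, *tables):
    """Name every set bit found in the tables; also report the bits none of them cover."""
    names, covered = [], 0
    for table in tables:
        for bit, name in sorted(table.items()):
            covered |= bit
            if value & bit:
                names.append(name)
    return names, value & ~covered


def decode_registry_mask(mask):
    rights, unknown = split_flags(mask, KEY_RIGHTS, STANDARD_RIGHTS, GENERIC_RIGHTS)
    return {"summary": MASK_ALIASES.get(mask, hex(mask)), "rights": rights,
            "unknown_bits": unknown, "grants_write": bool(mask & WRITE_BITS)}


def decode_explicit_access(trustee, mask, mode, inheritance):
    flags, _ = split_flags(inheritance, INHERITANCE_FLAGS)
    return {"trustee": trustee, "mask": decode_registry_mask(mask),
            "mode": ACCESS_MODE.get(mode, hex(mode)),
            "inheritance": INHERITANCE_ALIASES.get(inheritance, "|".join(flags) or hex(inheritance))}


def decode_named_security_info(object_name, object_type, security_info):
    info_names, _ = split_flags(security_info, SECURITY_INFORMATION)
    return {"object": object_name, "object_type": SE_OBJECT_TYPE.get(object_type, hex(object_type)),
            "security_info": info_names}


def decode_report_calls():
    """Argument values copied from the trace above (ref 00401F50..00401F9E)."""
    run_key = r"Software\Microsoft\Windows\CurrentVersion\Run"
    return {
        "GetNamedSecurityInfoA": decode_named_security_info(run_key, 0x4, 0x4),
        "BuildExplicitAccessWithNameA": decode_explicit_access("Administrators", 0x000F003F, 0x2, 0x3),
        "SetEntriesInAclA": {"entry_count": 0x1},
        "SetNamedSecurityInfoA": decode_named_security_info(run_key, 0x4, 0x4),
    }


if __name__ == "__main__":
    for call, decoded in decode_report_calls().items():
        print(call, decoded)
```

      Decoded, the entry is SET_ACCESS for Administrators with KEY_ALL_ACCESS (0x000F003F: all six KEY_* rights plus DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER, without SYNCHRONIZE) inheriting to sub-containers and objects, applied to the DACL (security information 0x4) of a registry key (object type 0x4). Two caveats for whoever follows this up: GetNamedSecurityInfoA and SetNamedSecurityInfoA with SE_REGISTRY_KEY expect a hive prefix such as MACHINE\ or CURRENT_USER\ in front of the path, and the string shown here has none, so the prefix is either prepended at runtime or cut from the report's display; and which hive is affected decides whether the change is visible in HKLM or only in the current user's profile. On a live host, Get-Acl on HKLM:\Software\Microsoft\Windows\CurrentVersion\Run and on the HKCU equivalent lists the explicit, non-inherited ACEs to compare against this entry.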

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: lstrlenmemset$??2@gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 1496828540-2058306683
      • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
      • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
      • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,B83884DB,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
        • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
        • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,B83884DB,?,74DF2F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
        • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
      • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
      • String ID:
      • API String ID: 2486110213-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??3@$free
      • String ID:
      • API String ID: 2241099983-0
      • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
      • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
      • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
      • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
      • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
      • SetLastError.KERNEL32(0000139F), ref: 10004CD9
      • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
      • LeaveCriticalSection.KERNEL32(00000002), ref: 10004CE9
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
      • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
      • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • memmove.MSVCR100 ref: 1000753B
      • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,B83884DB), ref: 10007636
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,B83884DB), ref: 10007664
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,B83884DB), ref: 1000766F
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
      • String ID: invalid string position$string too long
      • API String ID: 2621357903-4289949731
      • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
      • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
      • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
      • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
      • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OutputDebugStringA.KERNEL32(10012B64), ref: 024800D5
        • Part of subcall function 0247FADC: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0247FB09
        • Part of subcall function 0247FADC: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0247FB26
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0247FBE5
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0247FC24
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0247FC63
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0247FCA2
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0247FCE1
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0247FD20
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0247FD5F
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0247FD9E
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0247FDDD
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0247FE1C
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0247FE5B
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0247FE9A
        • Part of subcall function 0247FADC: LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0247FED9
        • Part of subcall function 0247FADC: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0247FF29
        • Part of subcall function 0247FADC: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0247FF3D
        • Part of subcall function 0247FADC: PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0247FF6B
        • Part of subcall function 0247FADC: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0247FF88
        • Part of subcall function 0247FADC: CloseHandle.KERNEL32(?), ref: 0247FFA6
        • Part of subcall function 0247FADC: CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0247FFC1
      • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 02480155
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Value$LookupPrivilege$Process$CloseHandleOpenToken$DebugInformationLengthMessageOutputPostStringTerminateThread
      • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
      • API String ID: 2737639916-1482746000
      • Opcode ID: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction ID: ea8b427644895b10fd0b4b52ac580fdf38a4e100c895f25332c1be441fcf05d6
      • Opcode Fuzzy Hash: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
      • Instruction Fuzzy Hash: 180180B16002199FDB29EB608C94FFE7767DF89300F40418EE5099A581CF75D9558F94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,B83884DB,?,B83884DB,10008EF2), ref: 1000A71D
        • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,B83884DB,?,B83884DB,10008EF2), ref: 1000A740
        • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,B83884DB), ref: 1000A76E
        • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
        • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
      • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
      • memmove.MSVCR100 ref: 100093D6
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
      • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
      • String ID:
      • API String ID: 666130115-0
      • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
      • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
      • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
      • LoadLibraryA.KERNEL32(?), ref: 10005F20
      • GetProcessHeap.KERNEL32(00000000,FFFC66E8,8B068BFF), ref: 10005F46
      • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
      • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
      • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
      • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
      • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
      • String ID:
      • API String ID: 1153753045-0
      • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
      • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
      • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(00000002,00000002,00000011), ref: 024753AB
      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 024753E4
      • WSACreateEvent.WS2_32 ref: 02475416
      • gethostbyname.WS2_32(?), ref: 02475420
      • htons.WS2_32(?), ref: 02475439
      • WSAEventSelect.WS2_32(?,?,00000030), ref: 02475457
      • connect.WS2_32(?,?,00000010), ref: 0247546C
      • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 0247547B
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
      • String ID:
      • API String ID: 603330298-0
      • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction ID: 8cad56dfb9f0948851a512a68bf41bc401fd06c9a2bdc021d097742c438620e4
      • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
      • Instruction Fuzzy Hash: F2311DB1600215AFE710DBA4CC85EBFB7B8EB48710F504A1AFA21AB2D0D7759A158B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentThreadId.KERNEL32 ref: 02475BB1
      • SetLastError.KERNEL32(0000139F,?,100120A0,024752D4), ref: 02475CA0
        • Part of subcall function 024747EC: SwitchToThread.KERNEL32 ref: 02474816
      • send.WS2_32(?,1001242C,00000010,00000000), ref: 02475C12
      • SetEvent.KERNEL32(?), ref: 02475C35
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02475C41
      • WSACloseEvent.WS2_32(?), ref: 02475C4F
      • shutdown.WS2_32(?,00000001), ref: 02475C67
      • closesocket.WS2_32(?), ref: 02475C71
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
      • String ID:
      • API String ID: 518013673-0
      • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction ID: 278b5a1359651cbdb725f60d3c24817bf2f10f7214e32305a0d642e9da56dbb3
      • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
      • Instruction Fuzzy Hash: A82157B02007109FE3349F79C988B9BB7F9BB48714F54490DEAA28B790C779E455CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004074
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004087
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004090
      • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004099
        • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100015D0
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040B9
      • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040D4
      • SetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004150
      • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004157
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
      • String ID:
      • API String ID: 2266972149-0
      • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
      • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
      • String ID:
      • API String ID: 432566381-0
      • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
      • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
      • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
      • malloc.MSVCR100 ref: 10002350
      • memcpy.MSVCR100 ref: 10002397
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: mallocmemcpyvsprintf
      • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
      • API String ID: 4208594302-868042568
      • Opcode ID: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
      • Opcode Fuzzy Hash: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
      • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(B83884DB,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 100079B6
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,B83884DB,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,B83884DB,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
      • String ID:
      • API String ID: 753523128-0
      • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
      • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
      • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 02477000
      • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 02477025
      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02477039
      • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 02477084
      • CopyFileA.KERNEL32(?,?,00000000), ref: 024770BA
      • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0247711F
      • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477140
      • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477168
      • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 02477182
      • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0247718F
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
      • String ID: D$\msiexec.exe
      • API String ID: 3303475852-2685333904
      • Opcode ID: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction ID: 7e370541f866e404f4bc53441a7b54bddce28a34be6bef500d983bbbc4554894
      • Opcode Fuzzy Hash: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
      • Instruction Fuzzy Hash: EA5144F1900228AFDB25DB64CCD4AEAB7BDEB48304F40859AE60997251D7709F95CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CF0086A), ref: 1000DC8B
      • _beginthreadex.MSVCR100 ref: 1000DCAB
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
      • CloseHandle.KERNEL32(?), ref: 1000DCD4
      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
      • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseHandleObjectSingleWait$??2@CreateEvent_beginthreadex
      • String ID:
      • API String ID: 2512375702-0
      • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
      • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
      • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00401F10: GetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000,?), ref: 00401F50
        • Part of subcall function 00401F10: BuildExplicitAccessWithNameA.ADVAPI32(?,Administrators,000F003F,00000002,00000003), ref: 00401F6D
        • Part of subcall function 00401F10: SetEntriesInAclA.ADVAPI32(00000001,?,?,?), ref: 00401F83
        • Part of subcall function 00401F10: SetNamedSecurityInfoA.ADVAPI32(Software\Microsoft\Windows\CurrentVersion\Run,00000004,00000004,00000000,00000000,?,00000000), ref: 00401F9E
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FB9
        • Part of subcall function 00401F10: LocalFree.KERNEL32(?), ref: 00401FC4
      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,00000000), ref: 00401FF1
      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040201A
      • RegSetValueExA.ADVAPI32(00000000,LiveUpdate,00000000,00000001,?,00000000), ref: 00402034
      • RegCloseKey.ADVAPI32(?), ref: 0040203F
      Strings
      • LiveUpdate, xrefs: 0040202E
      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00401FE7
      Memory Dump Source
      • Source File: 00000007.00000002.1918857134.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000007.00000002.1918832823.0000000000400000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918877999.0000000000403000.00000002.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918899041.0000000000405000.00000004.00000001.01000000.00000007.sdmp
      • Associated: 00000007.00000002.1918917846.0000000000406000.00000002.00000001.01000000.00000007.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_400000_msedge.jbxd
      Similarity
      • API ID: FreeInfoLocalNameNamedSecurity$AccessBuildCloseEntriesExplicitFileModuleOpenValueWith
      • String ID: LiveUpdate$Software\Microsoft\Windows\CurrentVersion\Run
      • API String ID: 4218273391-3400392916
      • Opcode ID: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction ID: 9cbc189060c18ce78410ef20227df155c72ab83715970fe9a40628cbd408b6b5
      • Opcode Fuzzy Hash: a777f8cc5ebc364c6c8232df2c8f17a8fb27b862e7d670335a6bd31dbf8ff923
      • Instruction Fuzzy Hash: 1BF0A4742443017BE710DB64DD46FABBBACEBC8B41F40482CB788F51E4D6F895448B16
      Uniqueness

      Uniqueness Score: -1.00%
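Added triage example (not part of the Joe Sandbox report and not Joe Sandbox code): a Python parser for the function-listing format used above that extracts each entry's API call sequence and its String ID list, then flags three of the behaviours visible in this listing: the SuspendThread / VirtualAllocEx / WriteProcessMemory / QueueUserAPC / ResumeThread chain at 02477000 (the "early bird" APC injection the Signatures section reports), the Run-key write of the LiveUpdate value at 00401FF1, and the OpenProcess / TerminateProcess subcall at 0247FADC whose string list is the set of AV tray process names. The sample input is constructed from lines of this report with long argument lists shortened; the rule names, the entry identifier (first direct call site) and the order-preserving subsequence check are this example's own choices, not Joe Sandbox signature logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from three entries of this report (argument lists shortened).
SAMPLE_REPORT = r"""APIs
• OutputDebugStringA.KERNEL32(10012B64), ref: 024800D5
  • Part of subcall function 0247FADC: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0247FB09
  • Part of subcall function 0247FADC: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0247FF88
• RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 02480155
• String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
APIs
• GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 02477000
• SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214), ref: 0247711F
• VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?), ref: 02477140
• WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?), ref: 02477168
• QueueUserAPC.KERNEL32(00000000,?,00000000,?), ref: 02477182
• ResumeThread.KERNEL32(?,?,00000000), ref: 0247718F
• String ID: D$\msiexec.exe
APIs
• RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,00000000), ref: 00401FF1
• RegSetValueExA.ADVAPI32(00000000,LiveUpdate,00000000,00000001,?,00000000), ref: 00402034
• String ID: LiveUpdate$Software\Microsoft\Windows\CurrentVersion\Run
"""

# A call line: optional "Part of subcall function <addr>:", then Api.MODULE(args), ref: <addr>
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[^.\s(]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<strings>.*?)\s*$")  # '$'-separated list

@dataclass
class ApiCall:
    api: str
    args: List[str]
    ref: str                 # call-site address
    subcall: Optional[str]   # callee address when the line is a "Part of subcall function"

@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    @property
    def entry_ref(self) -> str:
        # Identifier for the entry: its first direct call site (this example's convention).
        direct = [c.ref for c in self.calls if c.subcall is None]
        return (direct or [c.ref for c in self.calls] or ["?"])[0]

def parse_entries(report_text: str) -> List[FunctionEntry]:
    """Split the listing at each 'APIs' header; keep call lines and the String ID list."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for raw in report_text.splitlines():
        if raw.strip() == "APIs":
            current = FunctionEntry()
            entries.append(current)
        elif current is not None and (m := API_LINE.match(raw)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.calls.append(ApiCall(m["api"], args, m["ref"], m["sub"]))
        elif current is not None and (m := STRING_LINE.match(raw)) and m["strings"]:
            current.strings.extend(s for s in m["strings"].split("$") if s)
    return entries

def hex_arg(call: ApiCall, index: int) -> Optional[int]:
    """Recorded argument as an int, or None when absent or logged by the sandbox as '?'."""
    try:
        return int(call.args[index], 16)
    except (IndexError, ValueError):
        return None

def in_order(names: List[str], pattern: List[str]) -> bool:
    """True when every name in pattern appears in names in that order (gaps allowed)."""
    it = iter(names)
    return all(any(n == p for n in it) for p in pattern)

# Rule names and matched chains are this example's own, not Joe Sandbox signature names.
EARLY_BIRD = ["SuspendThread", "VirtualAllocEx", "WriteProcessMemory", "QueueUserAPC", "ResumeThread"]
AV_TRAY_PROCESSES = {"2345SafeTray.exe", "360Tray.exe", "HipsTray.exe", "QQPCTray.exe", "kxetray.exe"}
RUN_KEY = r"CurrentVersion\Run"
PAGE_EXECUTE_READWRITE = 0x40  # flProtect, argument index 4 of VirtualAllocEx

def match_rules(entry: FunctionEntry) -> List[str]:
    hits: List[str] = []
    names = [c.api for c in entry.calls]
    if in_order(names, EARLY_BIRD):
        alloc = next(c for c in entry.calls if c.api == "VirtualAllocEx")
        rwx = hex_arg(alloc, 4) == PAGE_EXECUTE_READWRITE
        hits.append("early_bird_apc_injection" + ("_rwx" if rwx else ""))
    run_key_seen = any(RUN_KEY in s for s in entry.strings + [a for c in entry.calls for a in c.args])
    if "RegSetValueExA" in names and run_key_seen:
        hits.append("run_key_persistence")
    if {"OpenProcess", "TerminateProcess"} <= set(names) and AV_TRAY_PROCESSES & set(entry.strings):
        hits.append("av_process_termination")
    return hits

def scan(report_text: str) -> dict:
    """Map each flagged entry (by entry_ref) to the rule names it matched."""
    return {e.entry_ref: hits for e in parse_entries(report_text) if (hits := match_rules(e))}
```

Running scan() over the full listing text yields one entry per flagged function keyed by its first direct call site. The flProtect check reads argument index 4 of the recorded VirtualAllocEx call (0x40 = PAGE_EXECUTE_READWRITE) and falls back to the unsuffixed rule name when the sandbox logged "?" for that argument, so a partially recorded trace still matches the chain.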

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02476B16
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,10016034,?,?,10010B78,000000FF), ref: 02476B2E
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02476B38
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: 9b1de4de9fedda98f90949a307a06103c62cca9f7ff3dc7fb2cb1e62071c446b
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: DC314CB2604A54ABD720DF55CD85BAAB7AEEB49710F00865EFD25C7780D736E810CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,?,?,?,B83884DB,?,?,10010B78,000000FF), ref: 10004ECA
      • WSASetLastError.WS2_32(0000139F,?,?,?,?,B83884DB,?,?,10010B78,000000FF), ref: 10004EE2
      • LeaveCriticalSection.KERNEL32(?), ref: 10004EEC
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterErrorLastLeave
      • String ID:
      • API String ID: 4082018349-0
      • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction ID: 5d7e202c9453111bf760a64193654abb888b24a6dd7784caadbc8dba9623b2f2
      • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
      • Instruction Fuzzy Hash: 0D318EB6A04744ABE710CF94DC86B6AB3E8FB48750F01852AFD16C3784DB36E810CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
      • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
      • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
      • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
      • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
      • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
      • String ID:
      • API String ID: 672040072-0
      • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
      • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
      • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: _errno$recvselect
      • String ID:
      • API String ID: 4102763267-0
      • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
      • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
      • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
      • _CxxThrowException.MSVCR100 ref: 10009153
      Strings
      • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??0exception@std@@ExceptionThrow
      • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
      • API String ID: 2684170311-3812731148
      • Opcode ID: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction ID: 4ff9fd43ccc38cada941469353b65ddf61956220ecca57f71b677a99dd077398
      • Opcode Fuzzy Hash: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
      • Instruction Fuzzy Hash: 39C19C712082519FEB04CF18C4C4B9A7BE5EF85390F5485A9EC898F24EC775E985CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
      • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
      • HeapFree.KERNEL32(00000000), ref: 100062B5
      • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
      • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
      • HeapFree.KERNEL32(00000000), ref: 100062DB
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: FreeHeap$Process$LibraryVirtual
      • String ID:
      • API String ID: 3521805120-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 4e8ae9d798ed328c3ac5cf3a0713134e707d5c220115033f18ab452dde1a0258
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: E5113070600B11EFE660CFA5CC88F1673EAEB89791F20CA18E15697594C774F851CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
      • Sleep.KERNEL32(00000258), ref: 1000334E
      • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
      • Sleep.KERNEL32(0000012C), ref: 1000337B
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
      • String ID:
      • API String ID: 3137405945-0
      • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
      • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
      • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
      • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
      • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,B83884DB,?,00000000,?,10008EF2), ref: 1000C89C
      • memmove.MSVCR100 ref: 1000C8F5
      • memmove.MSVCR100 ref: 1000C91C
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: memmove$??3@Xlength_error@std@@
      • String ID: vector<T> too long
      • API String ID: 2515916401-3788999226
      • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
      • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
      • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
      • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
      • memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: invalid string position$string too long
      • API String ID: 4248180022-4289949731
      • Opcode ID: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
      • Instruction ID: 02f1bde33a7f6a4f0b7ca151306c8b86bee2ec7feaee009fa3221f14d761e210
      • Opcode Fuzzy Hash: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
      • Instruction Fuzzy Hash: 1A114C75300A059FEB08EF68EC84A6D77A5FB4429AB11052AFA06CB245D771E990CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
      • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
      • String ID:
      • API String ID: 2760534091-0
      • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
      • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
      • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
      • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,B83884DB,?,B83884DB,10008EF2), ref: 1000A71D
      • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,B83884DB,?,B83884DB,10008EF2), ref: 1000A740
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,B83884DB), ref: 1000A76E
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,B83884DB,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,B83884DB,?,00000000,00000001,?,6CFC0A41,00000000), ref: 1000D14E
        • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
      • String ID:
      • API String ID: 551958918-0
      • Opcode ID: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
      • Instruction ID: 0fa7d05f19d1acb58b9383a605f7864dac9a50907dca70db0252d2cb3e85a45c
      • Opcode Fuzzy Hash: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
      • Instruction Fuzzy Hash: 61514FB5A01259AFEB00DFA8C984B9EBBF5FF49750F108119E805E7345DB70AE41CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
      • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,B83884DB,00000000,?,00000000,00000000), ref: 1000D6E8
      • _CxxThrowException.MSVCR100 ref: 1000D6FE
        • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
        • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
        • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
      • memcpy.MSVCR100 ref: 1000D740
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
      • String ID:
      • API String ID: 1366379292-0
      • Opcode ID: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
      • Instruction ID: 6dedfff981291254d8f0f0f89a0f1b07b51f4c0be1b682e6e92bcdd5696b02d0
      • Opcode Fuzzy Hash: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
      • Instruction Fuzzy Hash: AB41BA75D04605AFDB04EF68C98069DB7F4FB042A0F50422AF91A97784E731E950CBB1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(?), ref: 02475CC0
        • Part of subcall function 024730DC: HeapFree.KERNEL32(?,00000000,?,?,?,02475CFD,?,00000000,02475C85,?,100120A0,024752D4), ref: 024730F9
      • HeapDestroy.KERNEL32(?,?,00000000,02475C85,?,100120A0,024752D4), ref: 02475D05
      • HeapCreate.KERNEL32(?,?,?,?,00000000,02475C85,?,100120A0,024752D4), ref: 02475D20
      • SetEvent.KERNEL32(?,?,00000000,02475C85,?,100120A0,024752D4), ref: 02475D9C
      • RtlLeaveCriticalSection.NTDLL(?), ref: 02475DA3
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
      • String ID:
      • API String ID: 563679510-0
      • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction ID: 09b6d97530abc351b699add915d1a62f06e7b4f90bc641bf9c6da65760ab0f33
      • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
      • Instruction Fuzzy Hash: DB31F471200A06AFD709DB75C888B96F7A9FF48310F14865AE9298B260DB75F865CFD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??2@lstrlenmemset
      • String ID: BITS$SYSTEM\Setup
      • API String ID: 3680187532-3074452007
      • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
      • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
      • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
      • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$EnterLeave
      • String ID:
      • API String ID: 3168844106-0
      • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
      • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
      • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
      • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02474A68
      • CancelIo.KERNEL32(?), ref: 02474A72
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02474A7B
      • closesocket.WS2_32(?), ref: 02474A85
      • SetEvent.KERNEL32(00000001), ref: 02474A8F
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction ID: 429540f14c6ae7ac439ec4e7f351648fdda2bb0c260c662ec528504f356a2cbc
      • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction Fuzzy Hash: 64F03CB6100710ABE220DB94CD89B66B7F8FB48B11F108A59FA9297690C7B4F514CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
      • CancelIo.KERNEL32(?), ref: 10002E26
      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
      • closesocket.WS2_32(?), ref: 10002E39
      • SetEvent.KERNEL32(00000001), ref: 10002E43
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
      • String ID:
      • API String ID: 1486965892-0
      • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction ID: 709f11b2dc8ccf699aafbe62f7b0534b760bdc3690ddac9162a5b626801ec8b5
      • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
      • Instruction Fuzzy Hash: CBF03CB5100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9697690C6B4F914CBA0
      Uniqueness

      Uniqueness Score: -1.00%
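
A triage helper, added here as an example; it is not part of the Joe Sandbox report or of its IDA plugin output. The two setsockopt/CancelIo/closesocket blocks immediately above carry the same Opcode ID (ef2d365f…) although one lies in the image mapped at offset 10000000 (based on PE: true) and the other in the region at offset 02470000 (based on PE: false); the IDs 3a44374d… and a861f962… show the same split elsewhere on this page. The script parses blocks in this format, decodes a few argument constants (the 0000FFFF/00000080 pair in setsockopt is SOL_SOCKET/SO_LINGER; the 00000004, 00000401 and 000F01FF values in the CreateToolhelp32Snapshot/OpenProcess/OpenProcessToken function further down are TH32CS_SNAPTHREAD, PROCESS_TERMINATE|PROCESS_QUERY_INFORMATION and TOKEN_ALL_ACCESS), and lists Opcode IDs present both in a PE-backed region and in one the report marks as not PE-backed. The constant table and the trimmed sample input are the example's own; Associated lines, fuzzy hashes and Instruction IDs are ignored.

```python
"""Triage helper for Joe Sandbox function blocks (added example, not report output)."""
import re
from collections import defaultdict

API_RE = re.compile(
    r"^•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+: )?"
    r"(?P<name>.+?)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
SRC_RE = re.compile(r"Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)")
OPCODE_RE = re.compile(r"Opcode ID: (?P<id>[0-9a-f]{64})")

# Windows constants for (API, 0-based argument position) pairs seen in the
# report. Unknown values pass through unchanged; multi-bit values are decoded
# as an OR-combination only when every set bit is accounted for.
CONSTS = {
    ("setsockopt", 1): {0xFFFF: "SOL_SOCKET"},
    ("setsockopt", 2): {0x80: "SO_LINGER"},
    ("CreateToolhelp32Snapshot", 0): {0x4: "TH32CS_SNAPTHREAD"},
    ("OpenProcess", 0): {0x1: "PROCESS_TERMINATE", 0x400: "PROCESS_QUERY_INFORMATION"},
    ("OpenProcessToken", 1): {0xF01FF: "TOKEN_ALL_ACCESS"},
    ("VirtualFree", 2): {0x8000: "MEM_RELEASE"},
}


def decode_arg(api, pos, raw):
    """Return a symbolic name for a hex argument when CONSTS covers (api, pos)."""
    table = CONSTS.get((api, pos))
    if table is None:
        return raw
    try:
        value = int(raw, 16)
    except ValueError:  # "?" or a string literal such as "vector<T> too long"
        return raw
    if value in table:
        return table[value]
    names, covered = [], 0
    for bit, name in table.items():
        if value & bit == bit:
            names.append(name)
            covered |= bit
    return "|".join(names) if names and covered == value else raw


def parse_blocks(text):
    """Split report text into function blocks; a block ends at its Opcode ID line."""
    blocks, calls, source = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = API_RE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] is not None else []
            calls.append({"api": m["name"], "module": m["mod"], "ref": int(m["ref"], 16),
                          "subcall": m["sub"] is not None,
                          "args": [decode_arg(m["name"], i, a) for i, a in enumerate(args)]})
        elif (m := SRC_RE.search(line)):
            source = {"offset": int(m["off"], 16), "pe_backed": m["pe"] == "true"}
        elif (m := OPCODE_RE.search(line)):
            blocks.append({"opcode_id": m["id"], "source": source, "calls": calls})
            calls, source = [], None
    return blocks


def cross_region_copies(blocks):
    """Opcode IDs found both in a PE-backed region and in a region not backed by a PE.

    The same function bytes in an unbacked region are a candidate injected copy
    of the mapped image; confirm against the dump before treating them as one.
    """
    seen = defaultdict(set)
    for b in blocks:
        if b["source"] is not None:
            seen[b["opcode_id"]].add((b["source"]["offset"], b["source"]["pe_backed"]))
    hits = {}
    for oid, locs in seen.items():
        backed = sorted(off for off, pe in locs if pe)
        unbacked = sorted(off for off, pe in locs if not pe)
        if backed and unbacked:
            hits[oid] = {"pe_backed": backed, "unbacked": unbacked}
    return hits


# Constructed input: the two setsockopt blocks from the report above, trimmed
# to the lines the parser consumes.
SAMPLE = """\
• setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02474A68
• CancelIo.KERNEL32(?), ref: 02474A72
• closesocket.WS2_32(?), ref: 02474A85
• Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
• Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
• setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
• CancelIo.KERNEL32(?), ref: 10002E26
• closesocket.WS2_32(?), ref: 10002E39
• Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
"""

if __name__ == "__main__":
    parsed = parse_blocks(SAMPLE)
    for b in parsed:
        print(hex(b["source"]["offset"]), b["source"]["pe_backed"], b["opcode_id"][:12])
        for c in b["calls"]:
            print("   ", c["api"], c["args"])
    print(cross_region_copies(parsed))
```

Feed it the full report text rather than the sample to list every shared Opcode ID. A hit is a lead to confirm in the dump (the function at the unbacked address should disassemble identically to its image copy), not proof of injection on its own; the decoded setsockopt call only shows that the socket is given SO_LINGER settings before CancelIo/closesocket, since the linger values themselves are not recorded in the report.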

      APIs
      • GetProcessHeap.KERNEL32(00000000,?,00000000,02477D76), ref: 02477EFA
      • HeapFree.KERNEL32(00000000), ref: 02477F01
      • VirtualFree.KERNEL32(?,00000000,00008000,02477D76), ref: 02477F17
      • GetProcessHeap.KERNEL32(00000000,00000000,02477D76), ref: 02477F20
      • HeapFree.KERNEL32(00000000), ref: 02477F27
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: Heap$Free$Process$Virtual
      • String ID:
      • API String ID: 1594822054-0
      • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction ID: 287aa2b5eba47ad854479bcf9eacbd8101a66ca93c96966a8ed91da9a91fd9f5
      • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
      • Instruction Fuzzy Hash: C5112E71600710EFE631CF65CC88F57B3E9AB49715F508919E16A8B6A0C774F851CB20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,0247F6CB), ref: 02480D3F
      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,0247F6CB), ref: 02480DDE
        • Part of subcall function 024731AC: RtlDeleteCriticalSection.NTDLL(00000000), ref: 024731CD
      • InterlockedExchange.KERNEL32(?,00000000), ref: 02480F6C
      • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,0247F6CB), ref: 02480F72
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
      • String ID:
      • API String ID: 106064292-0
      • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction ID: a7d4c69ff0cd74101b7857df21d51b0ed2db1c450a277e4d7973118e0ee595d5
      • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
      • Instruction Fuzzy Hash: A381C6B0A11A46BFE315DF7AC98479AFBA8FB09304F50422EE12C97640D775A964CF90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
      • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
        • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,B83884DB,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41,00000000,10009965), ref: 10008B55
        • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,B83884DB,?,B83884DB,00000000,00000000,B83884DB,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CFC0A41), ref: 10009B90
        • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
      • String ID:
      • API String ID: 2358051495-0
      • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
      • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
      • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction ID: bbc5b079b8af558de97ef83433f2a4c7e9b763cdc42935c5907fa34f5d571a34
      • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
      • Instruction Fuzzy Hash: 38317FB1640300ABE721DF69CC81FABB7E9EB89714F54455AFA18CB381E7B1D8008B91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0247F996
      • Thread32First.KERNEL32(00000000,?), ref: 0247F9AD
      • Thread32Next.KERNEL32(00000000,0000001C), ref: 0247FA8E
      • CloseHandle.KERNEL32(00000000), ref: 0247FA9D
      • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0247FB09
      • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0247FB26
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0247FBE5
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0247FC24
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0247FC63
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0247FCA2
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0247FCE1
      • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0247FD20
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0247FD5F
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0247FD9E
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0247FDDD
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0247FE1C
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0247FE5B
      • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0247FE9A
      • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0247FED9
      • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0247FF29
      • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0247FF3D
      • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0247FF6B
      • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0247FF88
      • CloseHandle.KERNEL32(?), ref: 0247FFA6
      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0247FFC1
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
      • String ID:
      • API String ID: 1747700738-0
      • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction ID: cebbb3003eea476a9a0981b54c2a4b21d5f6b3df7b0e6b64d2ffa28047995da3
      • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
      • Instruction Fuzzy Hash: B1319071A002059FDB24CFB5D984AAEB7F9FB48614B11862FE826D7790E770A904CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM ref: 0247609A
      • InterlockedExchange.KERNEL32(?,00000000), ref: 024760A9
      • WaitForSingleObject.KERNEL32(?,00001770), ref: 024760F7
        • Part of subcall function 02475BAC: GetCurrentThreadId.KERNEL32 ref: 02475BB1
        • Part of subcall function 02475BAC: send.WS2_32(?,1001242C,00000010,00000000), ref: 02475C12
        • Part of subcall function 02475BAC: SetEvent.KERNEL32(?), ref: 02475C35
        • Part of subcall function 02475BAC: InterlockedExchange.KERNEL32(?,00000000), ref: 02475C41
        • Part of subcall function 02475BAC: WSACloseEvent.WS2_32(?), ref: 02475C4F
        • Part of subcall function 02475BAC: shutdown.WS2_32(?,00000001), ref: 02475C67
        • Part of subcall function 02475BAC: closesocket.WS2_32(?), ref: 02475C71
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
      • String ID:
      • API String ID: 4080316033-0
      • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction ID: ac67f7dbb5a43fea2bd1ccf839770382851ddca6fa61b525bdaf9e27139f05ca
      • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
      • Instruction Fuzzy Hash: D7316FB6600714ABD220EF69DC84B9BB7E9FF88711F004A1EF59AC7650D771E404CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(B83884DB,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
      • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(6CFC0A41,B83884DB,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
      • realloc.MSVCR100 ref: 1000ADA8
      • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
      • String ID:
      • API String ID: 614970593-0
      • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
      • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
      • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 100011E9
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
      • memcpy.MSVCR100 ref: 10001243
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001256
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
      • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
      • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetLastError.KERNEL32(0000139F), ref: 02476038
        • Part of subcall function 02472F0C: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 02472F37
        • Part of subcall function 02475E2C: RtlEnterCriticalSection.NTDLL(02476A07), ref: 02475E34
        • Part of subcall function 02475E2C: RtlLeaveCriticalSection.NTDLL(02476A07), ref: 02475E42
        • Part of subcall function 024766BC: HeapFree.KERNEL32(?,00000000,?,00000000,024768A7,?,02475F14,024768A7,00000000,?,100122A8,024768A7,?), ref: 024766E3
      • SetLastError.KERNEL32(00000000,?), ref: 02476023
      • SetLastError.KERNEL32(00000057), ref: 0247604D
      • WSAGetLastError.WS2_32(?), ref: 0247605C
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
      • String ID:
      • API String ID: 2160363220-0
      • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction ID: 9c79d16f6c26674475232d9b3e3e2646d62a767fcc7448d6111321229a5de9cc
      • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
      • Instruction Fuzzy Hash: B6110A32A0152C9BCB10EF79E8846DEB7A9EF88322B4541ABEC1CD3301D7358D118AD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ceil.MSVCR100 ref: 1000112F
      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
      • memcpy.MSVCR100 ref: 1000117C
      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Virtual$AllocFreeceilmemcpy
      • String ID:
      • API String ID: 941304502-0
      • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
      • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
      • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAEventSelect.WS2_32(02475707,00000001,00000023), ref: 0247584E
      • WSAGetLastError.WS2_32 ref: 02475859
      • send.WS2_32(00000001,00000000,00000000,00000000), ref: 024758A4
      • WSAGetLastError.WS2_32 ref: 024758AF
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: ErrorLast$EventSelectsend
      • String ID:
      • API String ID: 259408233-0
      • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction ID: 4ee3380aaef2151b8b6bd3231236d6ff4342f319e6aba0bccc69bbff4b08f359
      • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
      • Instruction Fuzzy Hash: 74115EB1600B005BE3209F7AC8C8A97B7FAFB88710B514A1EE966C7790D735E4148B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,B83884DB,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A13
      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,B83884DB,00000000,00000000,00000000,6CFBD4A2,?,00000000,00000000), ref: 10007A40
      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
      • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
      • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
      • String ID:
      • API String ID: 3901553425-0
      • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
      • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
      • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlEnterCriticalSection.NTDLL(02476A07), ref: 02475E34
      • RtlLeaveCriticalSection.NTDLL(02476A07), ref: 02475E42
      • RtlLeaveCriticalSection.NTDLL(02476A07), ref: 02475EA3
      • SetEvent.KERNEL32(207E8915), ref: 02475EBE
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 67502835a18a5912daeefdf1a65317023c54f97462d716891ebd60dc97b9a42e
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 0511B0B0A00B00AFD724CF75C984AD3B7E5BF58305B54C82EE96A8B211EB30E815CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CF0017C,10004C5B,?), ref: 100041E8
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
      • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
      • SetEvent.KERNEL32(207E8915), ref: 10004272
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CriticalSection$Leave$EnterEvent
      • String ID:
      • API String ID: 3394196147-0
      • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
      • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
      • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
      • InterlockedIncrement.KERNEL32(?), ref: 100049A4
      • InterlockedIncrement.KERNEL32(?), ref: 100049B1
      • timeGetTime.WINMM(?,00000001,?,10003C4F,?,?,00000001), ref: 100049C8
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: IncrementInterlockedTimetime
      • String ID:
      • API String ID: 159728177-0
      • Opcode ID: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
      • Opcode Fuzzy Hash: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
      • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CloseSleep
      • String ID:
      • API String ID: 2834455192-0
      • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction ID: 074441173190ce03a2e74cb0230739f0fef4dfc6637305535e0508e22c5a27a8
      • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
      • Instruction Fuzzy Hash: F301D1B0524311FBE206ABA4CC88F7F7BACEB49314F008509FB45D20A1DB70E824CB66
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
      • free.MSVCR100(?), ref: 100036DC
      • malloc.MSVCR100 ref: 10003718
      • memset.MSVCR100 ref: 10003727
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CreateTimerWaitablefreemallocmemset
      • String ID:
      • API String ID: 3069344516-0
      • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
      • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
      • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
        • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
      • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
      • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
      • free.MSVCR100(?), ref: 1000EEB5
      • HeapDestroy.KERNEL32(?), ref: 1000EEE3
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Heap$Destroyfree$CreateFree
      • String ID:
      • API String ID: 3907340440-0
      • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
      • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
      • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
      • _beginthreadex.MSVCR100 ref: 1000F46F
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
      • CloseHandle.KERNEL32(?), ref: 1000F48A
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
      • String ID:
      • API String ID: 92035984-0
      • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
      • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
      • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
      • memcpy.MSVCR100 ref: 1000D514
        • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
      • String ID: string too long
      • API String ID: 4248180022-2556327735
      • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
      • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
      • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
      • memcpy.MSVCR100 ref: 1000D8B2
        • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F35AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
      • String ID: string too long
      • API String ID: 433638341-2556327735
      • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
      • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
      • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • gethostname.WS2_32(?,00000100), ref: 02478184
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: gethostname
      • String ID: Host$SYSTEM\Setup
      • API String ID: 144339138-2058306683
      • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction ID: 1e2932a7f29d9e705da3bd66f5091a38659b3e0d82f7dfe0f2ad3f9a5e59a3ea
      • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
      • Instruction Fuzzy Hash: 6811CFB09411559FE712EF158C81B6E77B5EF49300F104196E70CA7350D7709656CF55
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,B83884DB), ref: 1000D2C8
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: Xlength_error@std@@
      • String ID: string too long
      • API String ID: 1004598685-2556327735
      • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
      • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
      • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 02477796
      • RegCloseKey.ADVAPI32(?), ref: 024777A0
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: eeb1ac48177d450c6af7e022422a1e2a36733bfdccbb2a2ded3d03008202c516
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: 6DE0C2B4600214FFE725CF648C9CFBA7B2ADB89301F108281FD459B250CA31DA25CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 024777E6
      • RegCloseKey.ADVAPI32(?), ref: 024777F0
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919647704.0000000002470000.00000040.00000020.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_2470000_msedge.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: BITS
      • API String ID: 3132538880-1135043067
      • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction ID: 09c31f6dbf4f9a11c9f41fe5804d5fe21f2a634539cd72fecc96b7805716c39b
      • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
      • Instruction Fuzzy Hash: 0CE0C2B4600214FFE721CB608C9CFBBBB6ADB89701F108281FC459B251CA31DA24CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 10005B4A
      • RegCloseKey.ADVAPI32(?), ref: 10005B54
      Strings
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: CloseValue
      • String ID: Host
      • API String ID: 3132538880-1863695555
      • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction ID: dcad731e8835d6dae927973394ebae374a698fdf24b40fc78b981aaf5b05d5c2
      • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
      • Instruction Fuzzy Hash: A3E0C2B4600254FFE315CF648C9DFBA7B6ADB89301F108380FD459B244CA32DA15C790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
      • memset.MSVCR100 ref: 10005D11
      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
      • memcpy.MSVCR100 ref: 10005D39
      Memory Dump Source
      • Source File: 00000007.00000002.1919845926.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
      • Associated: 00000007.00000002.1919823588.0000000010000000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919873469.0000000010012000.00000002.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919900195.0000000010016000.00000004.00001000.00020000.00000000.sdmp
      • Associated: 00000007.00000002.1919923840.0000000010017000.00000002.00001000.00020000.00000000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_7_2_10000000_msedge.jbxd
      Similarity
      • API ID: AllocVirtual$memcpymemset
      • String ID:
      • API String ID: 2542864682-0
      • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
      • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
      • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
      Uniqueness

      Uniqueness Score: -1.00%