Windows Analysis Report
cracked.exe

Overview

General Information

Sample name: cracked.exe
Analysis ID: 1446997
MD5: 41b1b1f3940c54bf207a9e6f7d0eada6
SHA1: 00946ab04db6e5f0161624807a593bef8cdf3530
SHA256: f534a2084d2b59d37741bfe46848828079597e17b4aa6e34d7f6b8e8f187ad63
Tags: exe, metasploit, meterperter, rozena

Detection

Metasploit, Meterpreter
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Metasploit Payload
Yara detected Meterpreter
AI detected suspicious sample
Contains functionality to inject threads in other processes
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cracked.exe (PID: 6432 cmdline: "C:\Users\user\Desktop\cracked.exe" MD5: 41B1B1F3940C54BF207A9E6F7D0EADA6)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
cracked.exe | JoeSecurity_Meterpreter | Yara detected Meterpreter | Joe Security
cracked.exe | JoeSecurity_MetasploitPayload | Yara detected Metasploit Payload | Joe Security
cracked.exe | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown
  • 0x37ad6:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
cracked.exe | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x3799f:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x37bdf:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
cracked.exe | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x37a0b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x37c4b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
Source | Rule | Description | Author | Strings
00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown
  • 0x10d6:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0xf9f:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x11df:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x100b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x124b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp | JoeSecurity_Meterpreter | Yara detected Meterpreter | Joe Security
00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown
  • 0x266d6:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
Source | Rule | Description | Author | Strings
0.0.cracked.exe.416000.1.unpack | JoeSecurity_Meterpreter | Yara detected Meterpreter | Joe Security
0.0.cracked.exe.416000.1.unpack | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown
  • 0x252d6:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
0.0.cracked.exe.416000.1.unpack | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x2519f:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x253df:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
0.0.cracked.exe.416000.1.unpack | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x2520b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x2544b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
0.0.cracked.exe.416000.1.unpack | MALWARE_Win_Meterpreter | Detects Meterpreter payload | ditekSHen
  • 0x25d78:$s1: PACKET TRANSMIT
  • 0x25d88:$s2: PACKET RECEIVE
  • 0x25c28:$s3: \\%s\pipe\%s
  • 0x25d10:$s3: \\%s\pipe\%s
  • 0x25b6c:$s4: %04x-%04x:%s
  • 0x2301c:$s5: server.dll
          No Sigma rule has matched
          No Snort rule has matched

          AV Detection

          Source: cracked.exe | Avira: detected
          Source: cracked.exe | ReversingLabs: Detection: 78%
          Source: cracked.exe | Virustotal: Detection: 85%
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: cracked.exe | Joe Sandbox ML: detected
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A5910 _memcpy_s,CryptDuplicateKey,GetLastError,CryptSetKeyParam,CryptSetKeyParam,CryptGenRandom,GetLastError,GetLastError,CryptSetKeyParam,GetLastError,htonl,_malloc,_memcpy_s,CryptEncrypt,GetLastError,htonl,_memcpy_s,_memcpy_s,_malloc,htonl,_memcpy_s,_memcpy_s,CryptDestroyKey
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A5B01 _calloc,CryptAcquireContextW,GetLastError,CryptGenRandom,CryptImportKey,GetLastError,_free
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A5CD1 CryptDecodeObjectEx,GetLastError,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptImportPublicKeyInfo,CryptEncrypt,CryptEncrypt,_calloc,_memcpy_s,CryptEncrypt,_free,LocalFree,CryptDestroyKey,CryptReleaseContext
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A5C90 CryptDestroyKey,GetUserObjectInformationA,CryptReleaseContext,_free
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A579E _calloc,htonl,htonl,CryptDuplicateKey,GetLastError,CryptSetKeyParam,CryptSetKeyParam,CryptDecrypt,_memmove_s,htonl,htonl,_malloc,_memcpy_s,CryptDestroyKey
          Source: cracked.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Networking

          Source: Yara match | File source: cracked.exe, type: SAMPLE
          Source: Yara match | File source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 185.228.139.123:8443
          Source: unknown | TCP traffic detected without corresponding DNS query: 185.228.139.123
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_00408B40 WSARecv,WSAGetLastError,WSAGetLastError,WSAGetLastError
          Source: cracked.exe | String found in binary or memory: http://www.apache.org/
          Source: cracked.exe | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: cracked.exe | String found in binary or memory: http://www.zeustech.net/
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/&&
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/)
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/-&
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/0
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/4&
          Source: cracked.exe | String found in binary or memory: https://185.228.139.123:8443/6mopdNaoQfcUCxUKcT5rOgk6Ghe5kPS2RxsCbDkmRVCYraOjDorEABYEk0r2iVvCnzli5Bo
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/;&
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/V
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/c
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/j
          Source: cracked.exe, 00000000.00000002.2890697139.000000000058E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://185.228.139.123:8443/q
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_007A5B01 _calloc,CryptAcquireContextW,GetLastError,CryptGenRandom,CryptImportKey,GetLastError,_free

          System Summary

          Source: cracked.exe, type: SAMPLE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: cracked.exe, type: SAMPLE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: cracked.exe, type: SAMPLE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: cracked.exe, type: SAMPLE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | Author: unknown
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects Meterpreter payload | Author: ditekSHen
          Source: C:\Users\user\Desktop\cracked.exe | Code function: 0_2_004096C0: GetFileInformationByHandle,DeviceIoControl,GetLastError,GetLastError,GetLastError,WaitForSingleObject,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,SetLastError,GetOverlappedResult,GetLastError,GetLastError,GetLastError
          Source: C:\Users\user\Desktop\cracked.exeCode function: String function: 0042E180 appears 88 times
          Source: C:\Users\user\Desktop\cracked.exeCode function: String function: 0042E4DE appears 64 times
          Source: cracked.exeBinary or memory string: OriginalFilename vs cracked.exe
          Source: cracked.exe, 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameab.exeF vs cracked.exe
          Source: cracked.exe, 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameab.exeF vs cracked.exe
          Source: cracked.exeBinary or memory string: OriginalFilenameab.exeF vs cracked.exe
          Source: cracked.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: cracked.exe, type: SAMPLEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: cracked.exe, type: SAMPLEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: cracked.exe, type: SAMPLEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: cracked.exe, type: SAMPLEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
          Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
          Source: classification engineClassification label: mal92.troj.evad.winEXE@1/0@0/1
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_007A1BAC GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetLastError,CreateEventW,GetCurrentProcess,DuplicateHandle,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,_free,_free,CloseHandle,CloseHandle,0_2_007A1BAC
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_007A770B GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_007A770B
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_007A25C8 VirtualAllocEx,VirtualQueryEx,_malloc,_memset,WriteProcessMemory,WriteProcessMemory,_free,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,GetLastError,Thread32First,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,OpenThread,SuspendThread,CloseHandle,Thread32Next,SetLastError,GetLastError,Sleep,ResumeThread,CloseHandle,CloseHandle,FreeLibrary,SetLastError,0_2_007A25C8
          Source: C:\Users\user\Desktop\cracked.exeMutant created: NULL
          Source: C:\Users\user\Desktop\cracked.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: cracked.exeReversingLabs: Detection: 78%
          Source: cracked.exeVirustotal: Detection: 85%
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: wsock32.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: wininet.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: webio.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\cracked.exeSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0040A940 LoadLibraryA,GetProcAddress,GetProcAddress,0_2_0040A940
          Source: initial sampleStatic PE information: section where entry point is pointing to: .graz
          Source: cracked.exeStatic PE information: real checksum: 0x409bb should be: 0x40b13
          Source: cracked.exeStatic PE information: section name: .graz
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0040B840 push eax; ret 0_2_0040B86E
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042B827 push esi; ret 0_2_0042B829
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0043288D push edi; ret 0_2_0043288F
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042B910 push edi; ret 0_2_0042B912
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042E1C5 push ecx; ret 0_2_0042E1D8
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_004252EB push ecx; ret 0_2_004252FB
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0043243E push edi; ret 0_2_0043244D
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042B4C1 push edi; ret 0_2_0042B4D0
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_004324B0 push edi; ret 0_2_004324B2
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042B533 push edi; ret 0_2_0042B535
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_004325BB push esi; ret 0_2_004325CB
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_0042B64C push esi; ret 0_2_0042B64E
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_004327A4 push esi; ret 0_2_004327A6
          Source: C:\Users\user\Desktop\cracked.exeCode function: 0_2_007B3E52 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_007B3E52
          Source: C:\Users\user\Desktop\cracked.exe, API coverage: 2.8 %
          Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\cracked.exe, Last function: Thread delayed
          Source: cracked.exe, 00000000.00000002.2890697139.00000000005BA000.00000004.00000020.00020000.00000000.sdmp, cracked.exe, 00000000.00000002.2890697139.000000000056E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\cracked.exe, API call chain: ExitProcess graph end node, graph_0-36186
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007BA1D9 IsDebuggerPresent, 0_2_007BA1D9
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007B9768 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_007B9768
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_0040A940 LoadLibraryA,GetProcAddress,GetProcAddress, 0_2_0040A940
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_0041A568 mov eax, dword ptr fs:[00000030h] 0_2_0041A568
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A5168 mov eax, dword ptr fs:[00000030h] 0_2_007A5168
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007B3BE8 GetProcessHeap, 0_2_007B3BE8
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A56FE GetModuleHandleW,SetUnhandledExceptionFilter,ExitProcess,ExitThread, 0_2_007A56FE
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007B8C43 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007B8C43

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A4F7E VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread, 0_2_007A4F7E
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A7604 CreateNamedPipeA,AllocateAndInitializeSid,AllocateAndInitializeSid,SetEntriesInAclW,AllocateAndInitializeSid,LocalAlloc,LocalAlloc,InitializeAcl,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl, 0_2_007A7604
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_00409C80 AllocateAndInitializeSid,SetLastError,SetLastError,SetLastError, 0_2_00409C80
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A828E CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,ConnectNamedPipe,GetLastError,CloseHandle, 0_2_007A828E
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_00406A00 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, 0_2_00406A00
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_00406B10 FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeZoneInformation, 0_2_00406B10
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_0040A720 GetVersionExA,_isctype,__mb_cur_max,_isctype,_pctype,atoi,_isctype,__mb_cur_max,_isctype,_pctype, 0_2_0040A720

          Remote Access Functionality

          Source: Yara match, File source: cracked.exe, type: SAMPLE
          Source: Yara match, File source: 0.0.cracked.exe.416000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.0.cracked.exe.416000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.cracked.exe.416000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.0.cracked.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.cracked.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.cracked.exe.7a0000.2.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\cracked.exe, Code function: 0_2_007A88C8 bind,WSAGetLastError,listen,accept,closesocket, 0_2_007A88C8
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
          Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd
          Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
          Privilege Escalation: Access Token Manipulation (1); Process Injection (11); DLL Side-Loading (1); Login Hook; Network Logon Script
          Defense Evasion: Access Token Manipulation (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1)
          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
          Discovery: System Time Discovery (2); Security Software Discovery (31); Process Discovery (1); System Information Discovery (3); Internet Connection Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
          Collection: Archive Collected Data (11); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
          Command and Control: Encrypted Channel (2); Non-Standard Port (1); Ingress Tool Transfer (1); Protocol Impersonation; Fallback Channels
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
          Impact: Data Encrypted for Impact (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
          Source | Detection | Scanner | Label
          cracked.exe | 79% | ReversingLabs | Win32.Backdoor.Meterpreter
          cracked.exe | 85% | Virustotal |
          cracked.exe | 100% | Avira | TR/Crypt.XPACK.Gen
          cracked.exe | 100% | Joe Sandbox ML |
          No Antivirus matches
          Source | Detection | Scanner | Label
          http://www.apache.org/licenses/LICENSE-2.0 | 0% | URL Reputation | safe
          http://www.apache.org/ | 0% | URL Reputation | safe
          http://www.zeustech.net/ | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/c | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/&& | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/j | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/;& | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/) | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/V | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/6mopdNaoQfcUCxUKcT5rOgk6Ghe5kPS2RxsCbDkmRVCYraOjDorEABYEk0r2iVvCnzli5Bo | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/-& | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/0 | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/q | 0% | Avira URL Cloud | safe
          http://www.zeustech.net/ | 0% | Virustotal |
          https://185.228.139.123:8443/4& | 0% | Avira URL Cloud | safe
          https://185.228.139.123:8443/ | 0% | Avira URL Cloud | safe
          No contacted domains info
          IP | Domain | Country | ASN | ASN Name | Malicious
          185.228.139.123 | unknown | Germany | 197540 | NETCUP-ASnetcupGmbHDE | false
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1446997
          Start date and time:2024-05-24 07:49:11 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 31s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:5
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:cracked.exe
          Detection:MAL
          Classification:mal92.troj.evad.winEXE@1/0@0/1
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 88%
          • Number of executed functions: 11
          • Number of non-executed functions: 232
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
          • Not all processes were analyzed, report is missing behavior information
          No simulations
          Match | Associated Sample Name / URL | Detection | Threat Name
          185.228.139.123 | ranger.exe | malicious | Metasploit
            No context
            No created / dropped files found
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):6.369607392998981
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:cracked.exe
            File size:251'904 bytes
            MD5:41b1b1f3940c54bf207a9e6f7d0eada6
            SHA1:00946ab04db6e5f0161624807a593bef8cdf3530
            SHA256:f534a2084d2b59d37741bfe46848828079597e17b4aa6e34d7f6b8e8f187ad63
            SHA512:bdbb47040a66c679277cb6ae38de4032fcf5c899e66a3714f35c8c66d875544fdbaa84903fb9b08f9e688a61a2aa0273829f85ee08e19d8a1e8feff86a544a1b
            SSDEEP:3072:BzqTC/VXu6wke0Nc8QsCtR6C45ds/1sAUsMGbCpcAQbzFkFgjGrRzQYw:lqGdXu6wv0Nc8Qsi6F6dMiAHgjc2Y
            TLSH:A5349E02B5C08031D1AB127916BB6B321A7DBC7617768A9F7B98CC894FB44D0B33A757
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8...Y...Y...Y...E...Y..TE...Y...F...Y...F...Y...Y...Y..TQ...Y...z...Y..._...Y..Rich.Y..................PE..L...6..J...........
            Icon Hash:90cececece8e8eb0
            Entrypoint:0x416000
            Entrypoint Section:.graz
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            DLL Characteristics:
            Time Stamp:0x4AC18036 [Tue Sep 29 03:34:14 2009 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:481f47bbb2c9c21e108d65f52b04c448
            Instruction
            dec ebp
            pop edx
            call 00007FA1F87ED425h
            pop ebx
            push edx
            inc ebp
            push ebp
            mov ebp, esp
            add ebx, 00004561h
            call ebx
            add ebx, 00026498h
            push ebx
            push 00000004h
            push eax
            call eax
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add al, bh
            add byte ptr [eax], al
            add byte ptr [esi], cl
            pop ds
            mov edx, 09B4000Eh
            int 21h
            mov eax, 21CD4C01h
            push esp
            push 70207369h
            jc 00007FA1F87ED491h
            jc 00007FA1F87ED484h
            insd
            and byte ptr [ebx+61h], ah
            outsb
            outsb
            outsd
            je 00007FA1F87ED442h
            bound esp, dword ptr [ebp+20h]
            jc 00007FA1F87ED497h
            outsb
            and byte ptr [ecx+6Eh], ch
            and byte ptr [edi+ecx*2+53h], al
            and byte ptr [ebp+6Fh], ch
            or eax, 00240A0Dh
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            mov ebp, F9D3EB4Eh
            das
            test dword ptr [eax-7F7AD007h], eax
            stc
            das
            test dword ptr [eax-7F9B820Ch], eax
            Programming Language:
            • [EXP] VC++ 6.0 SP5 build 8804
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x41260 | 0x878 | .graz
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41ad8 | 0x7c0 | .graz
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x42298 | 0x8 | .graz
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0xc000 | 0x1e0 | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0xa966 | 0xb000 | f29e95e927219cf6bd883d79b67751fd | False | 0.5658513849431818 | data | 6.425898089715655 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata | 0xc000 | 0xfe6 | 0x1000 | 5df554b65afdfe733660483090ad3127 | False | 0.5068359375 | data | 5.468784124503008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0xd000 | 0x705c | 0x4000 | 283b5f792323d57b9db4d2bcc46580f8 | False | 0.25634765625 | Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 0 | 4.407841023203495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc | 0x15000 | 0x7c8 | 0x1000 | c13a9413aea7291b6fc85d75bfcde381 | False | 0.197998046875 | data | 1.958296025171192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .graz | 0x16000 | 0x2c2a0 | 0x2c400 | 495afb951dacf4772fb9dabc0e5a91d2 | False | 0.5201878089689266 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 6.376964023079302 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            RT_VERSION | 0x41b30 | 0x768 | data | English | United States | 0.40189873417721517
            DLL | Import
            MSVCRT.dll | _iob, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, _XcptFilter, _exit, _onexit, __dllonexit, strrchr, wcsncmp, _close, wcslen, wcscpy, strerror, modf, strspn, realloc, __p__environ, __p__wenviron, _errno, free, strncmp, strstr, strncpy, _ftol, qsort, fopen, perror, fclose, fflush, calloc, malloc, signal, printf, _isctype, atoi, exit, __mb_cur_max, _pctype, strchr, fprintf, _controlfp, _strdup, _strnicmp
            KERNEL32.dll | PeekNamedPipe, ReadFile, WriteFile, LoadLibraryA, GetProcAddress, GetVersionExA, GetExitCodeProcess, TerminateProcess, LeaveCriticalSection, SetEvent, ReleaseMutex, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, CreateMutexA, GetFileType, SetLastError, FreeEnvironmentStringsW, GetEnvironmentStringsW, GlobalFree, GetCommandLineW, TlsAlloc, TlsFree, DuplicateHandle, GetCurrentProcess, SetHandleInformation, CloseHandle, GetSystemTimeAsFileTime, FileTimeToSystemTime, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, Sleep, FormatMessageA, GetLastError, WaitForSingleObject, CreateEventA, SetStdHandle, SetFilePointer, CreateFileA, CreateFileW, GetOverlappedResult, DeviceIoControl, GetFileInformationByHandle, LocalFree
            ADVAPI32.dll | FreeSid, AllocateAndInitializeSid
            WSOCK32.dll | getsockopt, connect, htons, gethostbyname, ntohl, inet_ntoa, setsockopt, socket, closesocket, select, ioctlsocket, __WSAFDIsSet, WSAStartup, WSACleanup, WSAGetLastError
            WS2_32.dll | WSARecv, WSASend
            Language of compilation system | Country where language is spoken
            English | United States
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            May 24, 2024 07:50:19.358213902 CEST844349746185.228.139.123192.168.2.4
            May 24, 2024 07:50:19.409029007 CEST844349749185.228.139.123192.168.2.4
            May 24, 2024 07:50:19.409204960 CEST497498443192.168.2.4185.228.139.123
            May 24, 2024 07:50:19.409606934 CEST497498443192.168.2.4185.228.139.123
            May 24, 2024 07:50:19.501241922 CEST844349749185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.091646910 CEST844349749185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.091727018 CEST497498443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.091794968 CEST497498443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.092233896 CEST497528443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.141355038 CEST844349749185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.141386986 CEST844349752185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.141561031 CEST497528443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.141824961 CEST497528443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.201086044 CEST497538443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.226222038 CEST844349752185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.226411104 CEST497528443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.229446888 CEST844349753185.228.139.123192.168.2.4
            May 24, 2024 07:50:21.229516983 CEST497538443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.229793072 CEST497538443192.168.2.4185.228.139.123
            May 24, 2024 07:50:21.237569094 CEST844349753185.228.139.123192.168.2.4
            May 24, 2024 07:50:22.876033068 CEST844349753185.228.139.123192.168.2.4
            May 24, 2024 07:50:22.876156092 CEST497538443192.168.2.4185.228.139.123
            May 24, 2024 07:50:22.876221895 CEST497538443192.168.2.4185.228.139.123
            May 24, 2024 07:50:22.876580954 CEST497558443192.168.2.4185.228.139.123
            May 24, 2024 07:50:22.886388063 CEST844349753185.228.139.123192.168.2.4
            May 24, 2024 07:50:22.935359001 CEST844349755185.228.139.123192.168.2.4
            May 24, 2024 07:50:22.935569048 CEST497558443192.168.2.4185.228.139.123
            May 24, 2024 07:50:22.935916901 CEST497558443192.168.2.4185.228.139.123
            May 24, 2024 07:50:23.001022100 CEST844349755185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.614877939 CEST844349755185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.615008116 CEST497558443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.615073919 CEST497558443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.615456104 CEST497568443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.676879883 CEST844349755185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.727283001 CEST844349756185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.727384090 CEST497568443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.727688074 CEST497568443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.794687033 CEST497578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.796437979 CEST844349756185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.796472073 CEST844349756185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.796545982 CEST497568443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.801362038 CEST844349757185.228.139.123192.168.2.4
            May 24, 2024 07:50:24.801455021 CEST497578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.801740885 CEST497578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:24.857728004 CEST844349757185.228.139.123192.168.2.4
            May 24, 2024 07:50:26.485340118 CEST844349757185.228.139.123192.168.2.4
            May 24, 2024 07:50:26.485553980 CEST497578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:26.485554934 CEST497578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:26.485817909 CEST497588443192.168.2.4185.228.139.123
            May 24, 2024 07:50:26.496017933 CEST844349757185.228.139.123192.168.2.4
            May 24, 2024 07:50:26.547280073 CEST844349758185.228.139.123192.168.2.4
            May 24, 2024 07:50:26.547360897 CEST497588443192.168.2.4185.228.139.123
            May 24, 2024 07:50:26.548096895 CEST497588443192.168.2.4185.228.139.123
            May 24, 2024 07:50:26.599570036 CEST844349758185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.223404884 CEST844349758185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.223495007 CEST497588443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.223567009 CEST497588443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.223922968 CEST497598443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.275696039 CEST844349758185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.323342085 CEST844349759185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.323465109 CEST497598443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.324064970 CEST497598443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.375644922 CEST844349759185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.375708103 CEST497598443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.404436111 CEST497608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.432257891 CEST844349760185.228.139.123192.168.2.4
            May 24, 2024 07:50:28.432384968 CEST497608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.432899952 CEST497608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:28.488141060 CEST844349760185.228.139.123192.168.2.4
            May 24, 2024 07:50:30.082962990 CEST844349760185.228.139.123192.168.2.4
            May 24, 2024 07:50:30.083076954 CEST497608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:30.083132982 CEST497608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:30.083446980 CEST497618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:30.092797041 CEST844349760185.228.139.123192.168.2.4
            May 24, 2024 07:50:30.139375925 CEST844349761185.228.139.123192.168.2.4
            May 24, 2024 07:50:30.139486074 CEST497618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:30.139951944 CEST497618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:30.203063965 CEST844349761185.228.139.123192.168.2.4
            May 24, 2024 07:50:31.786765099 CEST844349761185.228.139.123192.168.2.4
            May 24, 2024 07:50:31.786849976 CEST497618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:32.689099073 CEST497618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:32.689400911 CEST497628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:32.909729958 CEST844349761185.228.139.123192.168.2.4
            May 24, 2024 07:50:32.909742117 CEST844349762185.228.139.123192.168.2.4
            May 24, 2024 07:50:32.909869909 CEST497628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:32.955689907 CEST497628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:32.963397026 CEST844349762185.228.139.123192.168.2.4
            May 24, 2024 07:50:32.963480949 CEST497628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:33.044764042 CEST497638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:33.051057100 CEST844349763185.228.139.123192.168.2.4
            May 24, 2024 07:50:33.051177979 CEST497638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:33.051419973 CEST497638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:33.105278969 CEST844349763185.228.139.123192.168.2.4
            May 24, 2024 07:50:34.721501112 CEST844349763185.228.139.123192.168.2.4
            May 24, 2024 07:50:34.721606970 CEST497638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:34.721671104 CEST497638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:34.722168922 CEST497648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:34.771723032 CEST844349763185.228.139.123192.168.2.4
            May 24, 2024 07:50:34.822614908 CEST844349764185.228.139.123192.168.2.4
            May 24, 2024 07:50:34.822829008 CEST497648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:34.823838949 CEST497648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:34.876779079 CEST844349764185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.460361004 CEST844349764185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.460779905 CEST497648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.460779905 CEST497648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.460937023 CEST497658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.470655918 CEST844349764185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.523433924 CEST844349765185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.523746014 CEST497658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.523905039 CEST497658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.575776100 CEST844349765185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.576062918 CEST497658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.623264074 CEST497668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.628336906 CEST844349766185.228.139.123192.168.2.4
            May 24, 2024 07:50:36.628424883 CEST497668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.628840923 CEST497668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:36.679661989 CEST844349766185.228.139.123192.168.2.4
            May 24, 2024 07:50:38.306895971 CEST844349766185.228.139.123192.168.2.4
            May 24, 2024 07:50:38.307105064 CEST497668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:38.307105064 CEST497668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:38.307389021 CEST497678443192.168.2.4185.228.139.123
            May 24, 2024 07:50:38.317017078 CEST844349766185.228.139.123192.168.2.4
            May 24, 2024 07:50:38.326788902 CEST844349767185.228.139.123192.168.2.4
            May 24, 2024 07:50:38.326997995 CEST497678443192.168.2.4185.228.139.123
            May 24, 2024 07:50:38.327383995 CEST497678443192.168.2.4185.228.139.123
            May 24, 2024 07:50:38.383584023 CEST844349767185.228.139.123192.168.2.4
            May 24, 2024 07:50:40.001297951 CEST844349767185.228.139.123192.168.2.4
            May 24, 2024 07:50:40.001477003 CEST497678443192.168.2.4185.228.139.123
            May 24, 2024 07:50:40.001477957 CEST497678443192.168.2.4185.228.139.123
            May 24, 2024 07:50:40.001913071 CEST497688443192.168.2.4185.228.139.123
            May 24, 2024 07:50:40.013858080 CEST844349767185.228.139.123192.168.2.4
            May 24, 2024 07:50:40.060795069 CEST844349768185.228.139.123192.168.2.4
            May 24, 2024 07:50:40.060915947 CEST497688443192.168.2.4185.228.139.123
            May 24, 2024 07:50:40.061225891 CEST497688443192.168.2.4185.228.139.123
            May 24, 2024 07:50:40.112550974 CEST844349768185.228.139.123192.168.2.4
            May 24, 2024 07:50:40.112647057 CEST497688443192.168.2.4185.228.139.123
            May 24, 2024 07:50:41.077400923 CEST497698443192.168.2.4185.228.139.123
            May 24, 2024 07:50:41.099611044 CEST844349769185.228.139.123192.168.2.4
            May 24, 2024 07:50:41.099713087 CEST497698443192.168.2.4185.228.139.123
            May 24, 2024 07:50:41.100111008 CEST497698443192.168.2.4185.228.139.123
            May 24, 2024 07:50:41.155755997 CEST844349769185.228.139.123192.168.2.4
            May 24, 2024 07:50:42.740243912 CEST844349769185.228.139.123192.168.2.4
            May 24, 2024 07:50:42.740462065 CEST497698443192.168.2.4185.228.139.123
            May 24, 2024 07:50:42.740462065 CEST497698443192.168.2.4185.228.139.123
            May 24, 2024 07:50:42.740870953 CEST497708443192.168.2.4185.228.139.123
            May 24, 2024 07:50:42.750885963 CEST844349769185.228.139.123192.168.2.4
            May 24, 2024 07:50:42.803369045 CEST844349770185.228.139.123192.168.2.4
            May 24, 2024 07:50:42.803591013 CEST497708443192.168.2.4185.228.139.123
            May 24, 2024 07:50:42.804001093 CEST497708443192.168.2.4185.228.139.123
            May 24, 2024 07:50:42.855690002 CEST844349770185.228.139.123192.168.2.4
            May 24, 2024 07:50:44.445020914 CEST844349770185.228.139.123192.168.2.4
            May 24, 2024 07:50:44.445135117 CEST497708443192.168.2.4185.228.139.123
            May 24, 2024 07:50:44.445194960 CEST497708443192.168.2.4185.228.139.123
            May 24, 2024 07:50:44.445600986 CEST497718443192.168.2.4185.228.139.123
            May 24, 2024 07:50:44.455276012 CEST844349770185.228.139.123192.168.2.4
            May 24, 2024 07:50:44.503396034 CEST844349771185.228.139.123192.168.2.4
            May 24, 2024 07:50:44.503510952 CEST497718443192.168.2.4185.228.139.123
            May 24, 2024 07:50:44.504209042 CEST497718443192.168.2.4185.228.139.123
            May 24, 2024 07:50:44.559885979 CEST844349771185.228.139.123192.168.2.4
            May 24, 2024 07:50:44.559993029 CEST497718443192.168.2.4185.228.139.123
            May 24, 2024 07:50:45.608033895 CEST497728443192.168.2.4185.228.139.123
            May 24, 2024 07:50:45.613140106 CEST844349772185.228.139.123192.168.2.4
            May 24, 2024 07:50:45.613259077 CEST497728443192.168.2.4185.228.139.123
            May 24, 2024 07:50:45.613677025 CEST497728443192.168.2.4185.228.139.123
            May 24, 2024 07:50:45.663840055 CEST844349772185.228.139.123192.168.2.4
            May 24, 2024 07:50:47.292994022 CEST844349772185.228.139.123192.168.2.4
            May 24, 2024 07:50:47.293086052 CEST497728443192.168.2.4185.228.139.123
            May 24, 2024 07:50:47.293145895 CEST497728443192.168.2.4185.228.139.123
            May 24, 2024 07:50:47.293524027 CEST612578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:47.308651924 CEST844349772185.228.139.123192.168.2.4
            May 24, 2024 07:50:47.308666945 CEST844361257185.228.139.123192.168.2.4
            May 24, 2024 07:50:47.308746099 CEST612578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:47.309082985 CEST612578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:47.341916084 CEST844361257185.228.139.123192.168.2.4
            May 24, 2024 07:50:48.964163065 CEST844361257185.228.139.123192.168.2.4
            May 24, 2024 07:50:48.964247942 CEST612578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:49.232139111 CEST612578443192.168.2.4185.228.139.123
            May 24, 2024 07:50:49.232522964 CEST612608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:49.237188101 CEST844361257185.228.139.123192.168.2.4
            May 24, 2024 07:50:49.283421040 CEST844361260185.228.139.123192.168.2.4
            May 24, 2024 07:50:49.283601999 CEST612608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:49.533135891 CEST612608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:49.538367987 CEST844361260185.228.139.123192.168.2.4
            May 24, 2024 07:50:49.538439989 CEST612608443192.168.2.4185.228.139.123
            May 24, 2024 07:50:50.748054028 CEST612618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:51.601814032 CEST844361261185.228.139.123192.168.2.4
            May 24, 2024 07:50:51.601939917 CEST612618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:51.602413893 CEST612618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:51.611651897 CEST844361261185.228.139.123192.168.2.4
            May 24, 2024 07:50:53.281527042 CEST844361261185.228.139.123192.168.2.4
            May 24, 2024 07:50:53.281614065 CEST612618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:53.288541079 CEST612618443192.168.2.4185.228.139.123
            May 24, 2024 07:50:53.295463085 CEST844361261185.228.139.123192.168.2.4
            May 24, 2024 07:50:53.299022913 CEST612628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:53.354929924 CEST844361262185.228.139.123192.168.2.4
            May 24, 2024 07:50:53.355936050 CEST612628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:53.355937004 CEST612628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:53.365645885 CEST844361262185.228.139.123192.168.2.4
            May 24, 2024 07:50:54.998533010 CEST844361262185.228.139.123192.168.2.4
            May 24, 2024 07:50:54.998707056 CEST612628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:54.998707056 CEST612628443192.168.2.4185.228.139.123
            May 24, 2024 07:50:54.999201059 CEST612638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:55.008244038 CEST844361262185.228.139.123192.168.2.4
            May 24, 2024 07:50:55.014990091 CEST844361263185.228.139.123192.168.2.4
            May 24, 2024 07:50:55.015333891 CEST612638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:55.015335083 CEST612638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:55.072196960 CEST844361263185.228.139.123192.168.2.4
            May 24, 2024 07:50:55.072271109 CEST612638443192.168.2.4185.228.139.123
            May 24, 2024 07:50:56.326174021 CEST612648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:56.379997969 CEST844361264185.228.139.123192.168.2.4
            May 24, 2024 07:50:56.380110979 CEST612648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:56.380633116 CEST612648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:56.426193953 CEST844361264185.228.139.123192.168.2.4
            May 24, 2024 07:50:58.048588991 CEST844361264185.228.139.123192.168.2.4
            May 24, 2024 07:50:58.048671007 CEST612648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:58.048721075 CEST612648443192.168.2.4185.228.139.123
            May 24, 2024 07:50:58.049098015 CEST612658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:58.099509001 CEST844361264185.228.139.123192.168.2.4
            May 24, 2024 07:50:58.147301912 CEST844361265185.228.139.123192.168.2.4
            May 24, 2024 07:50:58.147409916 CEST612658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:58.148988962 CEST612658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:58.199455023 CEST844361265185.228.139.123192.168.2.4
            May 24, 2024 07:50:59.802598000 CEST844361265185.228.139.123192.168.2.4
            May 24, 2024 07:50:59.802705050 CEST612658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:59.802900076 CEST612658443192.168.2.4185.228.139.123
            May 24, 2024 07:50:59.803699017 CEST612668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:59.819475889 CEST844361265185.228.139.123192.168.2.4
            May 24, 2024 07:50:59.819489956 CEST844361266185.228.139.123192.168.2.4
            May 24, 2024 07:50:59.819633007 CEST612668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:59.820274115 CEST612668443192.168.2.4185.228.139.123
            May 24, 2024 07:50:59.829549074 CEST844361266185.228.139.123192.168.2.4
            May 24, 2024 07:50:59.829634905 CEST612668443192.168.2.4185.228.139.123
            May 24, 2024 07:51:01.233113050 CEST612678443192.168.2.4185.228.139.123
            May 24, 2024 07:51:01.238431931 CEST844361267185.228.139.123192.168.2.4
            May 24, 2024 07:51:01.238514900 CEST612678443192.168.2.4185.228.139.123
            May 24, 2024 07:51:01.238811970 CEST612678443192.168.2.4185.228.139.123
            May 24, 2024 07:51:01.291510105 CEST844361267185.228.139.123192.168.2.4
            May 24, 2024 07:51:02.884418964 CEST844361267185.228.139.123192.168.2.4
            May 24, 2024 07:51:02.884530067 CEST612678443192.168.2.4185.228.139.123
            May 24, 2024 07:51:02.884674072 CEST612678443192.168.2.4185.228.139.123
            May 24, 2024 07:51:02.885489941 CEST612688443192.168.2.4185.228.139.123
            May 24, 2024 07:51:02.939552069 CEST844361267185.228.139.123192.168.2.4
            May 24, 2024 07:51:02.956578016 CEST844361268185.228.139.123192.168.2.4
            May 24, 2024 07:51:02.956643105 CEST612688443192.168.2.4185.228.139.123
            May 24, 2024 07:51:02.957089901 CEST612688443192.168.2.4185.228.139.123
            May 24, 2024 07:51:03.005659103 CEST844361268185.228.139.123192.168.2.4
            May 24, 2024 07:51:04.635452032 CEST844361268185.228.139.123192.168.2.4
            May 24, 2024 07:51:04.635544062 CEST612688443192.168.2.4185.228.139.123
            May 24, 2024 07:51:04.635582924 CEST612688443192.168.2.4185.228.139.123
            May 24, 2024 07:51:04.635895967 CEST612698443192.168.2.4185.228.139.123
            May 24, 2024 07:51:04.645329952 CEST844361268185.228.139.123192.168.2.4
            May 24, 2024 07:51:04.695321083 CEST844361269185.228.139.123192.168.2.4
            May 24, 2024 07:51:04.695410967 CEST612698443192.168.2.4185.228.139.123
            May 24, 2024 07:51:04.695841074 CEST612698443192.168.2.4185.228.139.123
            May 24, 2024 07:51:04.747688055 CEST844361269185.228.139.123192.168.2.4
            May 24, 2024 07:51:04.747860909 CEST612698443192.168.2.4185.228.139.123
            May 24, 2024 07:51:06.298672915 CEST612708443192.168.2.4185.228.139.123
            May 24, 2024 07:51:06.303764105 CEST844361270185.228.139.123192.168.2.4
            May 24, 2024 07:51:06.303831100 CEST612708443192.168.2.4185.228.139.123
            May 24, 2024 07:51:06.304116964 CEST612708443192.168.2.4185.228.139.123
            May 24, 2024 07:51:06.355595112 CEST844361270185.228.139.123192.168.2.4
            May 24, 2024 07:51:07.948945045 CEST844361270185.228.139.123192.168.2.4
            May 24, 2024 07:51:07.949019909 CEST612708443192.168.2.4185.228.139.123
            May 24, 2024 07:51:08.674143076 CEST612708443192.168.2.4185.228.139.123
            May 24, 2024 07:51:08.674455881 CEST612718443192.168.2.4185.228.139.123
            May 24, 2024 07:51:08.699821949 CEST844361270185.228.139.123192.168.2.4
            May 24, 2024 07:51:08.747714996 CEST844361271185.228.139.123192.168.2.4
            May 24, 2024 07:51:08.747816086 CEST612718443192.168.2.4185.228.139.123
            May 24, 2024 07:51:08.757234097 CEST612718443192.168.2.4185.228.139.123
            May 24, 2024 07:51:08.800141096 CEST844361271185.228.139.123192.168.2.4
            May 24, 2024 07:51:10.406096935 CEST844361271185.228.139.123192.168.2.4
            May 24, 2024 07:51:10.406233072 CEST612718443192.168.2.4185.228.139.123
            May 24, 2024 07:51:10.406270027 CEST612718443192.168.2.4185.228.139.123
            May 24, 2024 07:51:10.406605005 CEST612728443192.168.2.4185.228.139.123
            May 24, 2024 07:51:10.420506001 CEST844361271185.228.139.123192.168.2.4
            May 24, 2024 07:51:10.471599102 CEST844361272185.228.139.123192.168.2.4
            May 24, 2024 07:51:10.471818924 CEST612728443192.168.2.4185.228.139.123
            May 24, 2024 07:51:10.472135067 CEST612728443192.168.2.4185.228.139.123
            May 24, 2024 07:51:10.523879051 CEST844361272185.228.139.123192.168.2.4
            May 24, 2024 07:51:10.524101019 CEST612728443192.168.2.4185.228.139.123
            May 24, 2024 07:51:12.087078094 CEST612738443192.168.2.4185.228.139.123
            May 24, 2024 07:51:12.110553980 CEST844361273185.228.139.123192.168.2.4
            May 24, 2024 07:51:12.110673904 CEST612738443192.168.2.4185.228.139.123
            May 24, 2024 07:51:12.112073898 CEST612738443192.168.2.4185.228.139.123
            May 24, 2024 07:51:12.126550913 CEST844361273185.228.139.123192.168.2.4
            May 24, 2024 07:51:13.778755903 CEST844361273185.228.139.123192.168.2.4
            May 24, 2024 07:51:13.778856993 CEST612738443192.168.2.4185.228.139.123
            May 24, 2024 07:51:13.778918982 CEST612738443192.168.2.4185.228.139.123
            May 24, 2024 07:51:13.779303074 CEST612748443192.168.2.4185.228.139.123
            May 24, 2024 07:51:13.788569927 CEST844361273185.228.139.123192.168.2.4
            May 24, 2024 07:51:13.788583040 CEST844361274185.228.139.123192.168.2.4
            May 24, 2024 07:51:13.788798094 CEST612748443192.168.2.4185.228.139.123
            May 24, 2024 07:51:13.789139032 CEST612748443192.168.2.4185.228.139.123
            May 24, 2024 07:51:13.799715042 CEST844361274185.228.139.123192.168.2.4
            May 24, 2024 07:51:15.433597088 CEST844361274185.228.139.123192.168.2.4
            May 24, 2024 07:51:15.433808088 CEST612748443192.168.2.4185.228.139.123
            May 24, 2024 07:51:15.441307068 CEST612748443192.168.2.4185.228.139.123
            May 24, 2024 07:51:15.441653967 CEST612758443192.168.2.4185.228.139.123
            May 24, 2024 07:51:15.463186979 CEST844361274185.228.139.123192.168.2.4
            May 24, 2024 07:51:15.463223934 CEST844361275185.228.139.123192.168.2.4
            May 24, 2024 07:51:15.463469028 CEST612758443192.168.2.4185.228.139.123
            May 24, 2024 07:51:15.463706970 CEST612758443192.168.2.4185.228.139.123
            May 24, 2024 07:51:15.475672960 CEST844361275185.228.139.123192.168.2.4
            May 24, 2024 07:51:15.475969076 CEST612758443192.168.2.4185.228.139.123
            May 24, 2024 07:51:17.171736002 CEST612768443192.168.2.4185.228.139.123
            May 24, 2024 07:51:17.176858902 CEST844361276185.228.139.123192.168.2.4
            May 24, 2024 07:51:17.176960945 CEST612768443192.168.2.4185.228.139.123
            May 24, 2024 07:51:17.177346945 CEST612768443192.168.2.4185.228.139.123
            May 24, 2024 07:51:17.227514982 CEST844361276185.228.139.123192.168.2.4
            May 24, 2024 07:51:18.825717926 CEST844361276185.228.139.123192.168.2.4
            May 24, 2024 07:51:18.825901985 CEST612768443192.168.2.4185.228.139.123
            May 24, 2024 07:51:18.825901985 CEST612768443192.168.2.4185.228.139.123
            May 24, 2024 07:51:18.826143026 CEST612778443192.168.2.4185.228.139.123
            May 24, 2024 07:51:18.883723974 CEST844361276185.228.139.123192.168.2.4
            May 24, 2024 07:51:18.935388088 CEST844361277185.228.139.123192.168.2.4
            May 24, 2024 07:51:18.935576916 CEST612778443192.168.2.4185.228.139.123
            May 24, 2024 07:51:18.936283112 CEST612778443192.168.2.4185.228.139.123
            May 24, 2024 07:51:18.987744093 CEST844361277185.228.139.123192.168.2.4
            May 24, 2024 07:51:20.597946882 CEST844361277185.228.139.123192.168.2.4
            May 24, 2024 07:51:20.598208904 CEST612778443192.168.2.4185.228.139.123
            May 24, 2024 07:51:20.598306894 CEST612778443192.168.2.4185.228.139.123
            May 24, 2024 07:51:20.599250078 CEST612788443192.168.2.4185.228.139.123
            May 24, 2024 07:51:20.655643940 CEST844361277185.228.139.123192.168.2.4
            May 24, 2024 07:51:20.707297087 CEST844361278185.228.139.123192.168.2.4
            May 24, 2024 07:51:20.707509041 CEST612788443192.168.2.4185.228.139.123
            May 24, 2024 07:51:20.708287954 CEST612788443192.168.2.4185.228.139.123
            May 24, 2024 07:51:20.719629049 CEST844361278185.228.139.123192.168.2.4
            May 24, 2024 07:51:20.719712019 CEST612788443192.168.2.4185.228.139.123
            May 24, 2024 07:51:22.513709068 CEST612798443192.168.2.4185.228.139.123
            May 24, 2024 07:51:22.518785954 CEST844361279185.228.139.123192.168.2.4
            May 24, 2024 07:51:22.518882036 CEST612798443192.168.2.4185.228.139.123
            May 24, 2024 07:51:22.519263029 CEST612798443192.168.2.4185.228.139.123
            May 24, 2024 07:51:22.575517893 CEST844361279185.228.139.123192.168.2.4
            Timestamp                             Source Port  Dest Port  Source IP     Dest IP
            May 24, 2024 07:50:46.773473024 CEST  53           55766      162.159.36.2  192.168.2.4
            May 24, 2024 07:50:47.302624941 CEST  53           62178      1.1.1.1       192.168.2.4


            Target ID: 0
            Start time: 01:49:57
            Start date: 24/05/2024
            Path: C:\Users\user\Desktop\cracked.exe
            Wow64 process (32bit): true
            Commandline: "C:\Users\user\Desktop\cracked.exe"
            Imagebase: 0x400000
            File size: 251'904 bytes
            MD5 hash: 41B1B1F3940C54BF207A9E6F7D0EADA6
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Yara matches:
            • Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_Meterpreter, Description: Yara detected Meterpreter, Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: MALWARE_Win_Meterpreter, Description: Detects Meterpreter payload, Source: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_Meterpreter, Description: Yara detected Meterpreter, Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
            • Rule: MALWARE_Win_Meterpreter, Description: Detects Meterpreter payload, Source: 00000000.00000000.1628130648.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Author: ditekSHen
            Reputation: low
            Has exited: false


              Execution Graph

              Execution Coverage: 1%
              Dynamic/Decrypted Code Coverage: 97.3%
              Signature Coverage: 6.4%
              Total number of Nodes: 373
              Total number of Limit Nodes: 12

              Control-flow Graph

              APIs
              • GetModuleHandleW.KERNEL32(00000000,?,?,?,007A578B,?,?,007B3A9F,?,00000001,?,?,00000001,?,007C54D0,0000000C), ref: 007A570E
              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,007A578B,?,?,007B3A9F,?,00000001,?,?,00000001,?,007C54D0,0000000C), ref: 007A5743
              • ExitProcess.KERNEL32 ref: 007A5750
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ExceptionExitFilterHandleModuleProcessUnhandled
              • String ID:
              • API String ID: 3470424200-0
              • Opcode ID: f0798e2ca9628e975a26608b47230ee89a967bcaeeec0e493d9177132235b3c4
              • Instruction ID: eaafcbae4edf21f810e8289e7e11620391163da90a7d1b896018ee85bde0ad42
              • Opcode Fuzzy Hash: f0798e2ca9628e975a26608b47230ee89a967bcaeeec0e493d9177132235b3c4
              • Instruction Fuzzy Hash: DDF08279101B08EF87206F65ECCCC5A776CEA87366358C53EF60652522CA3CE881CBA5

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041A7C1
              • LoadLibraryA.KERNELBASE(?), ref: 0041A839
              • VirtualProtect.KERNELBASE(?,00000000,00000002,00000000), ref: 0041AA32
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Virtual$AllocLibraryLoadProtect
              • String ID:
              • API String ID: 1403325721-0
              • Opcode ID: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction ID: 485e7f014a4c8562fdaa089ae9d3eae69c07e96f525bbae2b6d5144aaa5fb7af
              • Opcode Fuzzy Hash: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction Fuzzy Hash: EF028D75A016069FDB24CF98C9807EEB7F1FF48310F29446AD895A7350D338ADA2CB55

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041A7C1
              • LoadLibraryA.KERNELBASE(?), ref: 0041A839
              • VirtualProtect.KERNELBASE(?,00000000,00000002,00000000), ref: 0041AA32
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Virtual$AllocLibraryLoadProtect
              • String ID:
              • API String ID: 1403325721-0
              • Opcode ID: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction ID: 485e7f014a4c8562fdaa089ae9d3eae69c07e96f525bbae2b6d5144aaa5fb7af
              • Opcode Fuzzy Hash: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction Fuzzy Hash: EF028D75A016069FDB24CF98C9807EEB7F1FF48310F29446AD895A7350D338ADA2CB55

              Control-flow Graph

              APIs
              • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00000100), ref: 007A9173
              • SetLastError.KERNEL32(00000490), ref: 007A9184
              • WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(?), ref: 007A91AF
              • _calloc.LIBCMT ref: 007A91D8
              • GlobalFree.KERNEL32(00000000), ref: 007A927D
              • GlobalFree.KERNEL32(00000000), ref: 007A928C
              • GlobalFree.KERNEL32(00000000), ref: 007A929B
              • WinHttpSetOption.WINHTTP(00000000,00001003,?,00000000), ref: 007A92ED
              • WinHttpSetOption.WINHTTP(00000000,0000001F,?,00000004), ref: 007A9307
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Http$FreeGlobal$Option$ConfigCurrentErrorLastOpenProxyRequestUser_calloc
              • String ID: GET$POST
              • API String ID: 3023714100-3192705859
              • Opcode ID: 26ae30ca9320893b9da1466b7158332784497d94ea09326e63f09229f4d646ea
              • Instruction ID: 85fc65a38d04630aebf2641a827e8838227ee5f032b22740bf0488e12a8959ba
              • Opcode Fuzzy Hash: 26ae30ca9320893b9da1466b7158332784497d94ea09326e63f09229f4d646ea
              • Instruction Fuzzy Hash: 5E519170900309EFEB219F55DC49BAABBF9FF85300F50422EFA42A2591D7B89950CB50

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • _memset.LIBCMT ref: 007A78C3
              • _memset.LIBCMT ref: 007A78D7
                • Part of subcall function 007AA322: LoadLibraryA.KERNEL32(kernel32.dll,007A78E4,?,00000000,000000FF,?,00000000,000000FF,007C54A0,00000214,007A5723,?,00000001,?,?), ref: 007AA327
                • Part of subcall function 007AA322: GetProcAddress.KERNEL32(00000000,SetThreadErrorMode), ref: 007AA333
              • __time64.LIBCMT ref: 007A78E5
                • Part of subcall function 007B10E7: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,007A78EA,00000000,?,00000000,000000FF,?,00000000,000000FF,007C54A0,00000214,007A5723,?), ref: 007B10F0
                • Part of subcall function 007B10E7: __aulldiv.LIBCMT ref: 007B1110
                • Part of subcall function 007AA1D1: _malloc.LIBCMT ref: 007AA1DA
                • Part of subcall function 007AA1D1: _memset.LIBCMT ref: 007AA1F0
                • Part of subcall function 007AA1D1: GetCurrentThreadId.KERNEL32 ref: 007AA1F8
                • Part of subcall function 007AA1D1: LoadLibraryA.KERNEL32(kernel32.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA20D
                • Part of subcall function 007AA1D1: GetProcAddress.KERNEL32(00000000,OpenThread), ref: 007AA21E
                • Part of subcall function 007AA1D1: FreeLibrary.KERNEL32(00000000,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA28D
                • Part of subcall function 007A613A: _calloc.LIBCMT ref: 007A613F
              • SetLastError.KERNEL32(0000000A), ref: 007A790D
              • _malloc.LIBCMT ref: 007A799F
              • _memcpy_s.LIBCMT ref: 007A79AB
              • OpenThreadToken.ADVAPI32(?,000F01FF,00000001,0000001C), ref: 007A79C2
              • GetCurrentProcess.KERNEL32(000F01FF,0000001C), ref: 007A79CE
              • OpenProcessToken.ADVAPI32(00000000), ref: 007A79D5
              • GetProcessWindowStation.USER32(00000002,?,00000100,00000000), ref: 007A7A0E
              • GetUserObjectInformationA.USER32(00000000), ref: 007A7A1B
              • GetCurrentThreadId.KERNEL32 ref: 007A7A49
              • GetThreadDesktop.USER32(00000000), ref: 007A7A50
              • GetUserObjectInformationA.USER32(00000000), ref: 007A7A57
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Thread$CurrentLibraryProcess_memset$AddressInformationLoadObjectOpenProcTimeTokenUser_malloc$DesktopErrorFileFreeLastStationSystemWindow__aulldiv__time64_calloc_memcpy_s
              • String ID:
              • API String ID: 3017021961-0
              • Opcode ID: 0d85c4b138c823331ce4296630b3b476f3eaf639b94bcf1cd4f8e99fe7aad0dc
              • Instruction ID: fa4b4f3cb3a8c7cc3911c284b4e283e9d99b4616b1dad633758a2ad4e3d2a147
              • Opcode Fuzzy Hash: 0d85c4b138c823331ce4296630b3b476f3eaf639b94bcf1cd4f8e99fe7aad0dc
              • Instruction Fuzzy Hash: BF8174B1904605FFD718AF64DD89FAAB7A8FF46310F108629E505D7542D73CE950CBA0

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
                • Part of subcall function 007AA109: WaitForSingleObject.KERNEL32(?,000000FF,?,007A4A00,00000001,00000000,?,007A49E4,00000000,00000000,007A6503,00000000,00000000,007A798B), ref: 007AA117
              • SetLastError.KERNEL32(00000490), ref: 007A94F3
              • SetLastError.KERNEL32(00000000), ref: 007A951B
              • GetLastError.KERNEL32 ref: 007A951D
              • SetLastError.KERNEL32(00000490), ref: 007A96BD
              • GetLastError.KERNEL32 ref: 007A96C2
              • _free.LIBCMT ref: 007A96D3
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$ObjectSingleWait_free
              • String ID:
              • API String ID: 4243334350-0
              • Opcode ID: 1ffeb495b33e2e67bdee877aa09cd1e07bb7b5b63348386395852b01d338b9e2
              • Instruction ID: d41817c4793e14ec6755981b6da0cd206301e1ebfd7a57575e7c814f587b61be
              • Opcode Fuzzy Hash: 1ffeb495b33e2e67bdee877aa09cd1e07bb7b5b63348386395852b01d338b9e2
              • Instruction Fuzzy Hash: EE7162B1E00209EFDF14DFA9CC45BAEB7B8EF85310F144569FA11E6141EB38DA608B54

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000), ref: 007A971C
              • GetLastError.KERNEL32 ref: 007A9729
              • _memset.LIBCMT ref: 007A9741
              • _memset.LIBCMT ref: 007A9753
              • _memset.LIBCMT ref: 007A975F
              • WinHttpCrackUrl.WINHTTP(?,00000000,00000000,0000003C), ref: 007A9794
              • _free.LIBCMT ref: 007A97A3
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • WinHttpConnect.WINHTTP(?,?,?,00000000), ref: 007A97D2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Http_memset$ErrorLast$ConnectCrackFreeHeapOpen_free
              • String ID: <
              • API String ID: 2670675293-4251816714
              • Opcode ID: 699906604bb5b94ab06d9b02a2b75525070a6ed1ebc0f55f70d7d074a124fb6f
              • Instruction ID: 2b230db610eb964875603a9c8b7b572302304f3244b70cbc99d70b7e15867939
              • Opcode Fuzzy Hash: 699906604bb5b94ab06d9b02a2b75525070a6ed1ebc0f55f70d7d074a124fb6f
              • Instruction Fuzzy Hash: 6C314F71901118EBCB15AFA5DC88ADABBBCFF49310F404266F608A2151DB389694CFE4

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • SetLastError.KERNEL32(00000490), ref: 007A94F3
              • GetLastError.KERNEL32 ref: 007A96C2
              • _free.LIBCMT ref: 007A96D3
                • Part of subcall function 007AA11F: ReleaseMutex.KERNEL32(00000000,?,007AA0F6,00000000,00000000,?,007A617A,00000000,00000000,007A7905), ref: 007AA12B
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$MutexRelease_free
              • String ID:
              • API String ID: 3381282969-0
              • Opcode ID: c6b67e18dbc236f3b4211c9eb9d4a1d8af6675c194cdaa5a43403b832d88cde5
              • Instruction ID: 027ab048d528d9314ab01e97a71b55e637f672826d7a232b6ee790e7c445fcd7
              • Opcode Fuzzy Hash: c6b67e18dbc236f3b4211c9eb9d4a1d8af6675c194cdaa5a43403b832d88cde5
              • Instruction Fuzzy Hash: 8411E776300209FFD7105F95EC89B6A73F8FF85362F10416EFA0492541D779AC608B95

              Control-flow Graph

              • Executed
              • Not Executed
              APIs
              • _malloc.LIBCMT ref: 007AA0BA
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007AA0CD
              • CreateMutexW.KERNELBASE(00000000,00000000,00000000,007A614D,00000000,007A7905), ref: 007AA0D8
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AllocCreateHeapMutex_malloc_memset
              • String ID:
              • API String ID: 2908907703-0

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Sleep_free
              • String ID:
              • API String ID: 2540740895-0

              APIs
              • WinHttpSendRequest.WINHTTP(?,00000000,00000000,?,?,?,00000000), ref: 007A936A
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: HttpRequestSend
              • String ID:
              • API String ID: 360639707-0
              APIs
                • Part of subcall function 007A49B9: _malloc.LIBCMT ref: 007A49BC
              • VirtualAllocEx.KERNEL32(?,6B0095F0,00002000,00003000,00000040,00000000,00000000,00000000), ref: 007A2684
              • VirtualQueryEx.KERNEL32(?,00000000,00000000,0000001C), ref: 007A269D
              • _malloc.LIBCMT ref: 007A26AE
              • _memset.LIBCMT ref: 007A26C7
              • WriteProcessMemory.KERNEL32(?,?,00000000,?,00000000), ref: 007A26D9
              • WriteProcessMemory.KERNEL32(?,?,?,00000012,00000000), ref: 007A26FA
              • _free.LIBCMT ref: 007A2709
              • LoadLibraryA.KERNEL32(ntdll), ref: 007A2714
              • GetProcAddress.KERNEL32(00000000,NtQueueApcThread), ref: 007A272B
              • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 007A2740
              • GetLastError.KERNEL32 ref: 007A274E
              • Thread32First.KERNEL32(00000000,0000001C), ref: 007A275E
              • VirtualAllocEx.KERNEL32(?,00000000,00000130,00003000,00000040), ref: 007A2778
              • WriteProcessMemory.KERNEL32(?,00000000,007C81C0,00000144,00000000), ref: 007A2796
              • WriteProcessMemory.KERNEL32(?,?,?,00000014,00000000), ref: 007A27AC
              • OpenThread.KERNEL32(001F03FF,00000000,?), ref: 007A27C8
              • SuspendThread.KERNEL32(00000000), ref: 007A27D5
              • CloseHandle.KERNEL32(00000000), ref: 007A2801
              • Thread32Next.KERNEL32(00000000,0000001C), ref: 007A280C
              • SetLastError.KERNEL32(0000000A,00000000,00000000,00000000), ref: 007A2819
              • GetLastError.KERNEL32 ref: 007A281F
              • Sleep.KERNEL32(000007D0), ref: 007A2859
              • ResumeThread.KERNEL32(00000000), ref: 007A2872
              • CloseHandle.KERNEL32(00000000), ref: 007A2879
              • CloseHandle.KERNEL32(?), ref: 007A289E
              • FreeLibrary.KERNEL32(00000002), ref: 007A28AC
              • SetLastError.KERNEL32(00000005,00000000,00000000), ref: 007A28B3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLastMemoryProcessWrite$CloseHandleThreadVirtual$AllocLibraryThread32_malloc$AddressCreateFirstFreeLoadNextOpenProcQueryResumeSleepSnapshotSuspendToolhelp32_free_memset
              • String ID: NtQueueApcThread$ntdll
              • API String ID: 3396850899-1374908105
              APIs
              • GetCurrentProcess.KERNEL32(00000028,?), ref: 007A1C47
              • OpenProcessToken.ADVAPI32(00000000), ref: 007A1C4E
              • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 007A1C7A
              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000), ref: 007A1C8F
              • CloseHandle.KERNEL32(?), ref: 007A1C98
              • OpenProcess.KERNEL32(0000047A,00000000,?), ref: 007A1CA7
              • GetLastError.KERNEL32 ref: 007A1CB3
              • _free.LIBCMT ref: 007A1E33
              • CloseHandle.KERNEL32(00000000), ref: 007A1E57
              • CloseHandle.KERNEL32(?), ref: 007A1E65
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CloseHandleProcess$OpenToken$AdjustCurrentErrorLastLookupPrivilegePrivilegesValue_free
              • String ID: SeDebugPrivilege
              • API String ID: 3722413835-2896544425
              APIs
                • Part of subcall function 007A50FA: __time64.LIBCMT ref: 007A5108
                • Part of subcall function 007A50FA: _rand.LIBCMT ref: 007A5121
                • Part of subcall function 007A50FA: _rand.LIBCMT ref: 007A5135
                • Part of subcall function 007A50FA: _rand.LIBCMT ref: 007A5142
                • Part of subcall function 007A50FA: _rand.LIBCMT ref: 007A514F
              • _memcpy_s.LIBCMT ref: 007A593C
              • CryptDuplicateKey.ADVAPI32(?,00000000,00000000,?,?,?,?,?,00000001,?,?,007A3DDF,?,?,?,?), ref: 007A596C
              • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A5976
              • CryptSetKeyParam.ADVAPI32(?,00000004,?,00000000,?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A599B
              • CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A59AC
              • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A59BC
              • CryptSetKeyParam.ADVAPI32(?,00000001,?,00000000,?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A59CC
              • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A59D2
              • htonl.WS2_32(00000001), ref: 007A59D8
              • _memcpy_s.LIBCMT ref: 007A5A17
              • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,-00000010,007A3DDF,?,?,?,?,?,?,?,?,?,?), ref: 007A5A2D
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,?,007A3DDF,?), ref: 007A5A37
              • htonl.WS2_32(-00000018), ref: 007A5A4D
              • _memcpy_s.LIBCMT ref: 007A5A61
              • _memcpy_s.LIBCMT ref: 007A5A71
              • _malloc.LIBCMT ref: 007A59EF
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _malloc.LIBCMT ref: 007A5A96
              • htonl.WS2_32(00000000), ref: 007A5AA5
              • _memcpy_s.LIBCMT ref: 007A5AB4
              • _memcpy_s.LIBCMT ref: 007A5AC6
              • CryptDestroyKey.ADVAPI32(00000000,?,?,?,?,?,?,?,00000001,?,?,007A3DDF,?,?,?), ref: 007A5AF2
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Crypt_memcpy_s$ErrorLast_rand$htonl$Param_malloc$AllocDestroyDuplicateEncryptHeapRandom__time64
              • String ID:
              • API String ID: 2509946339-0
              APIs
              • CryptDecodeObjectEx.CRYPT32(00000001,00000008,?,?,00008000,00000000,?,?), ref: 007A5D16
              • GetLastError.KERNEL32 ref: 007A5D20
              • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,F0000000), ref: 007A5D44
              • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 007A5D58
              • CryptImportPublicKeyInfo.CRYPT32(?,00000001,?,00006610), ref: 007A5D6A
              • CryptEncrypt.ADVAPI32(00006610,00000000,00000001,00000000,00000000,?,?), ref: 007A5D8F
              • _calloc.LIBCMT ref: 007A5D96
              • _free.LIBCMT ref: 007A5E1D
              • LocalFree.KERNEL32(00000000,00000000,00000000,?), ref: 007A5E2C
              • CryptDestroyKey.ADVAPI32(00000000,00000000,00000000,?), ref: 007A5E3B
              • CryptReleaseContext.ADVAPI32(00000000,00000000,00000000,00000000,?), ref: 007A5E4C
              Strings
              • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 007A5D34
              • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 007A5D4E
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Crypt$Context$Acquire$DecodeDestroyEncryptErrorFreeImportInfoLastLocalObjectPublicRelease_calloc_free
              • String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
              • API String ID: 1372360500-947817771
              APIs
              • _calloc.LIBCMT ref: 007A57C2
                • Part of subcall function 007B0021: __calloc_impl.LIBCMT ref: 007B0034
              • htonl.WS2_32(?), ref: 007A57DB
              • htonl.WS2_32(?), ref: 007A5803
              • CryptDuplicateKey.ADVAPI32(?,00000000,00000000,?), ref: 007A581E
              • GetLastError.KERNEL32 ref: 007A5828
              • CryptDestroyKey.ADVAPI32(00000000), ref: 007A5901
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Crypthtonl$DestroyDuplicateErrorLast__calloc_impl_calloc
              • String ID:
              • API String ID: 3044516756-0
              APIs
              • GetFileInformationByHandle.KERNEL32(?,?,00000003,?,?,00000060,?,?,?,00404755,?,?,00000001,00000FFF,?), ref: 004096D9
              • DeviceIoControl.KERNEL32(?,000900C4,00000000,00000000,00000000,00000000,00000000,?), ref: 00409724
              • GetLastError.KERNEL32(?,?,?,00404755,?,?,00000001,00000FFF,?), ref: 0040973C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ControlDeviceErrorFileHandleInformationLast
              • String ID: CancelIo
              • API String ID: 3565310562-2988344177
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _isctype$strncmp
              • String ID: $%$I64d
              • API String ID: 1540279034-4085867986
              APIs
                • Part of subcall function 007A770B: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A7717
                • Part of subcall function 007A770B: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A771E
                • Part of subcall function 007A770B: GetLastError.KERNEL32(?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 007A7728
              • CreateNamedPipeW.KERNEL32(?,00000003,00000000,000000FF,00010000,00010000,00000000,?), ref: 007A82E6
              • GetLastError.KERNEL32 ref: 007A82EA
              • CreateNamedPipeW.KERNEL32(?,00000003,00000000,000000FF,00010000,00010000,00000000,00000000), ref: 007A8323
              • GetLastError.KERNEL32 ref: 007A8327
                • Part of subcall function 007A7604: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,74DF22C0), ref: 007A7632
                • Part of subcall function 007A7604: SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 007A7676
                • Part of subcall function 007A7604: AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,007A77D9), ref: 007A769E
                • Part of subcall function 007A7604: LocalAlloc.KERNEL32(00000040,00000100), ref: 007A76AE
                • Part of subcall function 007A7604: InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 007A76B6
                • Part of subcall function 007A7604: LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,007A77D9), ref: 007A76D0
                • Part of subcall function 007A7604: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 007A76D7
                • Part of subcall function 007A7604: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 007A76E4
                • Part of subcall function 007A7604: SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 007A76EF
              • ConnectNamedPipe.KERNEL32(00000000,00000000), ref: 007A833D
              • GetLastError.KERNEL32 ref: 007A8347
              • CloseHandle.KERNEL32(00000000), ref: 007A8368
                • Part of subcall function 007A770B: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 007A7739
                • Part of subcall function 007A770B: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 007A7776
                • Part of subcall function 007A770B: CloseHandle.KERNEL32(?), ref: 007A7790
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorInitializeLast$DescriptorNamedPipeSecurity$AllocAllocateCloseCreateHandleLocalProcessToken$AdjustConnectCurrentDaclEntriesLookupOpenPrivilegePrivilegesSaclValue
              • String ID: SeSecurityPrivilege$SeSecurityPrivilege
              • API String ID: 139426882-1340523147
              APIs
              • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00406B69
              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00406B7B
              • SystemTimeToFileTime.KERNEL32(?,00402FCF,00402FCF,?,000F4240,00000000), ref: 00406BA9
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406BC2
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406BDA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406BED
              • FileTimeToLocalFileTime.KERNEL32(?,00402FCF,-48461031,?,0000000A,00000000,?,00000000,?), ref: 00406C41
              • FileTimeToSystemTime.KERNEL32(00402FCF,?), ref: 00406C4F
              • GetTimeZoneInformation.KERNEL32(?,00402FCF,?,000F4240,00000000), ref: 00406C7C
                • Part of subcall function 00406D10: GetTimeZoneInformation.KERNEL32(00410440,?,00406B5E,00000000,-48461031,?,0000000A,00000000,?,00000000,?), ref: 00406D21
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Time$File$System$Unothrow_t@std@@@__ehfuncinfo$??2@$InformationLocalZone$Specific
              • String ID:
              • API String ID: 3622107965-0
              APIs
              • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,74DF22C0), ref: 007A7632
              • SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 007A7676
              • AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,007A77D9), ref: 007A769E
              • LocalAlloc.KERNEL32(00000040,00000100), ref: 007A76AE
              • InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 007A76B6
                • Part of subcall function 007A729A: LoadLibraryA.KERNEL32(advapi32.dll,?,007A76CC,00000000,00000004,00000004,00000000,007A77D9), ref: 007A72B5
                • Part of subcall function 007A729A: GetProcAddress.KERNEL32(00000000,AddMandatoryAce), ref: 007A72C5
              • LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,007A77D9), ref: 007A76D0
              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 007A76D7
              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 007A76E4
              • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 007A76EF
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: Initialize$DescriptorSecurity$AllocAllocateLocal$AddressDaclEntriesLibraryLoadProcSacl
              • String ID:
              • API String ID: 2917215309-0
              • Opcode ID: 255a29e764e136bc436f043adda9b27763e55cf691fedce18463d1a8c1606bb7
              • Instruction ID: a87f6a43a6e10b0da4c3299e2a9c9d400dd16111d5094cf7e65751690b20e81b
              • Opcode Fuzzy Hash: 255a29e764e136bc436f043adda9b27763e55cf691fedce18463d1a8c1606bb7
              • Instruction Fuzzy Hash: 9E31EBB190020CBFEB10CF94DC85FEEBBBCEB09755F50406AF604A6291D7B559418B65
              APIs
              • OpenProcess.KERNEL32(0000047A,00000000,?), ref: 007A2B13
              • GetLastError.KERNEL32 ref: 007A2B1F
              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000004), ref: 007A2B43
              • GetLastError.KERNEL32 ref: 007A2B4F
              • CloseHandle.KERNEL32(00000000), ref: 007A2BEC
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ErrorLast$AllocCloseHandleOpenProcessVirtual
              • String ID:
              • API String ID: 1758641474-0
              • Opcode ID: a538abcd9985b15159c72f01369b15d57c69d200b7070ea703cb9029cab1912b
              • Instruction ID: 24120ffb66f08060fb78c50631eb5b6fa5da3054b68a8e0250020cf36829eb6f
              • Opcode Fuzzy Hash: a538abcd9985b15159c72f01369b15d57c69d200b7070ea703cb9029cab1912b
              • Instruction Fuzzy Hash: EE310772600215FBDB215F598C45FAB7B78EF86B50F004129FE04A6181E678DC51DBB5
              APIs
              • AllocateAndInitializeSid.ADVAPI32(00409C60,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00410684,?,?,00000000,?,?), ref: 00409CD9
              • SetLastError.KERNEL32(00000001,?,?,00000000,?,?,?), ref: 00409DC8
              • SetLastError.KERNEL32(00000001,?,?,00000000,?,?,?), ref: 00409DD2
              • SetLastError.KERNEL32(00000001,?,?,00000000,?,?,?), ref: 00409E74
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLast$AllocateInitialize
              • String ID: W@$GetEffectiveRightsFromAclW
              • API String ID: 866321161-2553180354
              • Opcode ID: fbef195182be7dbf8cfc14502354f37206fc78d51f41bd26b1983f5372ee90dd
              • Instruction ID: 13e6f3467d2bc116686ee1f056e483cd005715f687a932f7b4b7ccbb46668c95
              • Opcode Fuzzy Hash: fbef195182be7dbf8cfc14502354f37206fc78d51f41bd26b1983f5372ee90dd
              • Instruction Fuzzy Hash: 6C5151B0A40205AFDB20DF58D8C1BAF77A5AB54304F14843EE51AA72C2D7799D84CBA9
              APIs
              • _calloc.LIBCMT ref: 007A5B29
                • Part of subcall function 007A5C90: CryptDestroyKey.ADVAPI32(?,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CA7
                • Part of subcall function 007A5C90: CryptReleaseContext.ADVAPI32(75BFBD50,00000000,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CB9
                • Part of subcall function 007A5C90: _free.LIBCMT ref: 007A5CC2
              • CryptAcquireContextW.ADVAPI32(00000000,00000000,007C8618,00000018,00000000), ref: 007A5B5D
              • GetLastError.KERNEL32 ref: 007A5B67
              • CryptGenRandom.ADVAPI32(00000000,00000020,0000001C), ref: 007A5BAE
              • CryptImportKey.ADVAPI32(00000000,00000010,0000002C,00000000,00000000,00000004), ref: 007A5BC5
              • GetLastError.KERNEL32 ref: 007A5BCF
              • _free.LIBCMT ref: 007A5C42
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: Crypt$ContextErrorLast_free$AcquireDestroyImportRandomRelease_calloc
              • String ID:
              • API String ID: 1247967341-0
              • Opcode ID: e0ea50967788fff80a1638667cbe675a84a3cab744ea459c7fcd4893c984d61a
              • Instruction ID: d6aa171d4e5fa375954239c2b052f5f050b49ab72d3497e4c2529fcc77c5f9cd
              • Opcode Fuzzy Hash: e0ea50967788fff80a1638667cbe675a84a3cab744ea459c7fcd4893c984d61a
              • Instruction Fuzzy Hash: 7F41F0B1900705FFDB209F64CC49F9EBBB5FF46710F104259F908AA192D7799A90CBA4
              APIs
              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A7717
              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A771E
              • GetLastError.KERNEL32(?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 007A7728
              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 007A7739
              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 007A7776
              • CloseHandle.KERNEL32(?), ref: 007A7790
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
              • String ID:
              • API String ID: 3398352648-0
              • Opcode ID: 0f60db2b6729657023842f1c028dcfce9d9981817b3fcadf824beacab504fb5a
              • Instruction ID: 12952f34d948dc6bd6732150c77da19e2551af89a959af598254d2e89edc6e77
              • Opcode Fuzzy Hash: 0f60db2b6729657023842f1c028dcfce9d9981817b3fcadf824beacab504fb5a
              • Instruction Fuzzy Hash: 25111575A00209AFDB04DFA4DD49FEEBBF8FB09301F404569EA15E6250E739DA80CB61
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: _isctype$Versionatoi
              • String ID: I_@
              • API String ID: 360680596-3421859670
              • Opcode ID: af4aff7534a77a33defcaa862ad40fe4b827b1faaf989ef55baef6d0aa869133
              • Instruction ID: e44e724456581220f9f3eb0f89e9ce8180b0e551fc54c68c799f1b0576f17104
              • Opcode Fuzzy Hash: af4aff7534a77a33defcaa862ad40fe4b827b1faaf989ef55baef6d0aa869133
              • Instruction Fuzzy Hash: F551E175A083418BEB20AB2489547B633A19B46300F25C977D982FB3D5D23CD9A38B5F
              APIs
              • CryptDestroyKey.ADVAPI32(?,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CA7
              • CryptReleaseContext.ADVAPI32(75BFBD50,00000000,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CB9
              • _free.LIBCMT ref: 007A5CC2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: Crypt$ContextDestroyRelease_free
              • String ID: H{z$H{z
              • API String ID: 965609376-365772034
              • Opcode ID: 55391a748e042303e2989ea5cf3e23ca1d03b72bb4ab350a2731398d7395dac5
              • Instruction ID: e9dba517f20e1df8be219b6911a12a313a70fbdb9a80b9590ecadd614ebb7795
              • Opcode Fuzzy Hash: 55391a748e042303e2989ea5cf3e23ca1d03b72bb4ab350a2731398d7395dac5
              • Instruction Fuzzy Hash: E8F03232101B419FDB219B56DD08B42BBE5AB02366F488468E9058B6B1C7B8E8C0CB54
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ErrorLastacceptbindclosesocketlisten
              • String ID:
              • API String ID: 3590725066-0
              • Opcode ID: 6c67d04cb3534aa7b2b1770ff343332c6ced876c01091632af702ccadf1e5f89
              • Instruction ID: 9228dd1c0dbec539d52a8a0020c3e500f40a160af9c417070ab5f9fbbd156feb
              • Opcode Fuzzy Hash: 6c67d04cb3534aa7b2b1770ff343332c6ced876c01091632af702ccadf1e5f89
              • Instruction Fuzzy Hash: 58F01D38200014AFCB111F65DC0C89A7F65FF063B1B908325F929C51F1CB398D61EB95
              APIs
              • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000004,007C5470,00000010), ref: 007A4FCB
              • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 007A4FDF
              • VirtualProtectEx.KERNEL32(?,?,?,00000020,00000000), ref: 007A4FF2
              • CreateRemoteThread.KERNEL32(?,00000000,00100000,?,?,00000000,?), ref: 007A5011
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
              • String ID:
              • API String ID: 1113946311-0
              • Opcode ID: 3733c9c8ec159a5a3b0c26cd2783a45eb839bd1f45bc627f8a33862d1561f405
              • Instruction ID: 643ab4ff6d99c2fb109ad69928403d18eae7ce298a030ccb3705e858188313c2
              • Opcode Fuzzy Hash: 3733c9c8ec159a5a3b0c26cd2783a45eb839bd1f45bc627f8a33862d1561f405
              • Instruction Fuzzy Hash: 17119DB160061AFBDB218F65CC45FAF3F68EF8AB90F048219FA0496191C778D940DFA4
              APIs
              • WSARecv.WS2_32(?,?,00000001,?,?,00000000,00000000), ref: 00408B7C
              • WSAGetLastError.WSOCK32 ref: 00408B8E
              • WSAGetLastError.WSOCK32 ref: 00408B9E
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLast$Recv
              • String ID:
              • API String ID: 3000205240-0
              • Opcode ID: 6744492262c5ce8d26d4a084f7b205447c6b8b9cc931996caabdd27e42bbb9d9
              • Instruction ID: 8aa1ee1d6ec978486d32d59d971503ef31e8af1e2e674fecaa2e91ad41fd1a53
              • Opcode Fuzzy Hash: 6744492262c5ce8d26d4a084f7b205447c6b8b9cc931996caabdd27e42bbb9d9
              • Instruction Fuzzy Hash: 21113C72A40209ABD710DFA8DD41BEEB7F8EB54320F10466EE954D7380E6B5AA508B90
              APIs
              • LoadLibraryA.KERNEL32(?,00000000,?,00405D79,00000004,CommandLineToArgvW,00000000,?,?,?,?,0040104A,?,?,00000000), ref: 0040A961
              • GetProcAddress.KERNEL32(?,00000000), ref: 0040A97B
              • GetProcAddress.KERNEL32(00000000,?), ref: 0040A98B
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: AddressProc$LibraryLoad
              • String ID:
              • API String ID: 2238633743-0
              • Opcode ID: 624ee205da11f3697e7001c3b1581b80710f2290fefec316ce73921765a46f74
              • Instruction ID: 976f93453bf7f797170d9925195a6ead49eccb493f24a6c4b1e09334e13bcef4
              • Opcode Fuzzy Hash: 624ee205da11f3697e7001c3b1581b80710f2290fefec316ce73921765a46f74
              • Instruction Fuzzy Hash: 76F0DA71300209DBDB10DFA8FC849AAB3ACEB84755301852AF989D3250D635E851DBA8
              APIs
              • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00406A0B
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406A24
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
              • String ID:
              • API String ID: 1518329722-0
              • Opcode ID: 7388d572124b769b0b0fbac3be0d4ab07429a53ad312db60128dddaf92bde823
              • Instruction ID: 7537e3f23ebfb616e00f6b1dea0b49684ed79cb07351c3035d2707822383b3d7
              • Opcode Fuzzy Hash: 7388d572124b769b0b0fbac3be0d4ab07429a53ad312db60128dddaf92bde823
              • Instruction Fuzzy Hash: 49E07D30E0012CB7CB24DFB5AC09CAF7BACDF45710F0043697C05E7180D530890482D4
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,007B4B92,?,?,?,00000000), ref: 007B8C48
              • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 007B8C51
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: 43de4db08585ce9966fac5c04828bc9b5aedd0be7a2115ee40be14d4a106207c
              • Instruction ID: 00dfc5c0f4a66c1cc9179b0079f40ea16eda8aee46031ccd1cd42ed015dc0701
              • Opcode Fuzzy Hash: 43de4db08585ce9966fac5c04828bc9b5aedd0be7a2115ee40be14d4a106207c
              • Instruction Fuzzy Hash: 67B0923104820CABDB002B92EC09F883F28EB06692F848024F60D848668B6A94908B99
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              • API ID: __invoke_watson
              • String ID:
              • API String ID: 3648217671-0
              • Opcode ID: 859c7255aa7f4c93d28cda40d724e5b77a140a06b565b1d3979a02da95ba6089
              • Instruction ID: b18a77108194568fb2f2af6c45293c3709dd07624191453f94e639692f568670
              • Opcode Fuzzy Hash: 859c7255aa7f4c93d28cda40d724e5b77a140a06b565b1d3979a02da95ba6089
              • Instruction Fuzzy Hash: AA628F75E002598BDF24CFA8C8412EEBBB1FF98314F25916BD855EB341D778A942CB48
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: __invoke_watson
              • String ID:
              • API String ID: 3648217671-0
              • Opcode ID: 859c7255aa7f4c93d28cda40d724e5b77a140a06b565b1d3979a02da95ba6089
              • Instruction ID: b18a77108194568fb2f2af6c45293c3709dd07624191453f94e639692f568670
              • Opcode Fuzzy Hash: 859c7255aa7f4c93d28cda40d724e5b77a140a06b565b1d3979a02da95ba6089
              • Instruction Fuzzy Hash: AA628F75E002598BDF24CFA8C8412EEBBB1FF98314F25916BD855EB341D778A942CB48
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              • Opcode ID: 304c4be59f60cda4fc7a1bfced02150dc5e3ac381ba16bc965873f4ef09978f0
              • Instruction ID: 6752c0b8e67ad6065bf4252bd08c7f3cd5b682c7e275d478e62e68b32d6bf45d
              • Opcode Fuzzy Hash: 304c4be59f60cda4fc7a1bfced02150dc5e3ac381ba16bc965873f4ef09978f0
              • Instruction Fuzzy Hash: 5D620E71A0060AEFDF14CF58C994AADBBB5FF89311F108629E819D7641E738EA50CF90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID:
              • String ID: &z
              • API String ID: 0-688295213
              • Opcode ID: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction ID: 0a3d982ce390a52c707f6ddf8f73200bc9a64b6aaf4e9bc5a47723ca0fbafc6f
              • Opcode Fuzzy Hash: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction Fuzzy Hash: DCF1D471E002199FCF14CFA8D880AADBBB5FF99314F24826AE859E7341D734A945CF90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: L@A
              • API String ID: 0-2003014581
              • Opcode ID: 2c761c62467a0cd90ccb4fc3162e0f359b8c51ee35fd4d21315c451b11e636d6
              • Instruction ID: 5e3868d71a7fe99f348dcddcde369764a68d8868577f10f4b26ba3043811bc01
              • Opcode Fuzzy Hash: 2c761c62467a0cd90ccb4fc3162e0f359b8c51ee35fd4d21315c451b11e636d6
              • Instruction Fuzzy Hash: 4A31E61650DBC38DE306CB3C48D42AAFF92DDAA10871D93E8C8D55B747C2B29459C3E5
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: bl@
              • API String ID: 0-193373031
              • Opcode ID: 28cfcff3299627df230db9337f47d6e99621e28b3a4101e37f622bbc26817848
              • Instruction ID: 5fb706f52daeeb1b4cf07fcc05237cc234a1a6869ecb5e221bbd35b80fdd3801
              • Opcode Fuzzy Hash: 28cfcff3299627df230db9337f47d6e99621e28b3a4101e37f622bbc26817848
              • Instruction Fuzzy Hash: 4D210A75A006118BD718DF5AC440852BBE3EFD8718729C1AEC8098F36AE772D953CB90
              APIs
              • GetProcessHeap.KERNEL32(007B38B1,007C54B0,00000008,007B3A87,?,00000001,?,007C54D0,0000000C,007B3A26,?,00000001,?), ref: 007B3BE8
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: HeapProcess
              • String ID:
              • API String ID: 54951025-0
              • Opcode ID: 93b32eea3760f6ae57b313abd834a1ead9733e6113e3af68b3822ba89e01ec74
              • Instruction ID: 7293c481108fa9973cc6995b9b6d90e788e04c33b5e4dd852b40d424425e7356
              • Opcode Fuzzy Hash: 93b32eea3760f6ae57b313abd834a1ead9733e6113e3af68b3822ba89e01ec74
              • Instruction Fuzzy Hash: CDB012B830210247870D4B387C6455A3BD46708201372C03DB007C2160DF34C9609A48
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction ID: 17e806adc8ae08f6bfec4cc6d667dfee40a4e3abfd0629a182eeb0e3101590c6
              • Opcode Fuzzy Hash: d0911f3fb7ff9ca4e42fbf98101b4cd6e9d819dc6edbf79a3e30d88375ed4576
              • Instruction Fuzzy Hash: EE026CB1A00A069FDB24CF98C9807ADB7F1FF8A314F284269E951AB351D378AD51CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction ID: 5176bf6a0ebf3b53ca154e6080741f0f71c045d3cfdbb10ef0e211934d0a9acf
              • Opcode Fuzzy Hash: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction Fuzzy Hash: 4EF1F575E102299FCF14CFA8E580AADBBF1FB89314F64816AE859E7340D734A981CF54
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction ID: 5176bf6a0ebf3b53ca154e6080741f0f71c045d3cfdbb10ef0e211934d0a9acf
              • Opcode Fuzzy Hash: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
              • Instruction Fuzzy Hash: 4EF1F575E102299FCF14CFA8E580AADBBF1FB89314F64816AE859E7340D734A981CF54
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction ID: 34dc4a29cd486fedecbb551972c5a9932043e22aa40a9b840a7d18a51148bace
              • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction Fuzzy Hash: B3C1E63620609309DF2D463DC8343BEFBA15EA27B139A476ED4B3CB1C5EE28D525D620
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction ID: 97af5fb5551d64c60689e7ae9d513a8e9ae2c3837d09f9e842f50552c2552be6
              • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction Fuzzy Hash: E4C1A4363091734ADB2D463DE43403FFAA15A927B139B075FD8B6CB2C4EE18C965D628
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction ID: 97af5fb5551d64c60689e7ae9d513a8e9ae2c3837d09f9e842f50552c2552be6
              • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction Fuzzy Hash: E4C1A4363091734ADB2D463DE43403FFAA15A927B139B075FD8B6CB2C4EE18C965D628
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction ID: 274c0ea9b064ce512011e2b6c96b3cdcda9611bd60d60c0f374178627e423f44
              • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction Fuzzy Hash: 05C1D9362060930ADF2D4639C8343BEFBA15EA27B135A476ED4B3CB1D5EE18D526D520
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction ID: 41fcc3049d881c43d08ad03bd388c58cb9109b1b712748ccf9ef8ae4ae0a2c21
              • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction Fuzzy Hash: E5C192363091B349DB2D463ED43403FFAA15A927B135B076FD4B6CB2C4EE28C965D628
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction ID: 41fcc3049d881c43d08ad03bd388c58cb9109b1b712748ccf9ef8ae4ae0a2c21
              • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction Fuzzy Hash: E5C192363091B349DB2D463ED43403FFAA15A927B135B076FD4B6CB2C4EE28C965D628
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction ID: d3e5ed9af59d3281104e2c9a40f1d7f70e6522dc7ccfb9a230929eb04bd25879
              • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction Fuzzy Hash: DBC195362061A309DF2D4639D8343BEFBA15AA27B13DA476ED4B3CB1C4FE18D525D620
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction ID: 616f5c1a7bf626f28784ec591413fdbae3cb85cedc92728a35550d7a6d9514e1
              • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction Fuzzy Hash: 16C160363091B349DF1D463DE43403FFAA15AA27B139B076ED4B6CB2C4EE18C9759628
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction ID: 616f5c1a7bf626f28784ec591413fdbae3cb85cedc92728a35550d7a6d9514e1
              • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction Fuzzy Hash: 16C160363091B349DF1D463DE43403FFAA15AA27B139B076ED4B6CB2C4EE18C9759628
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction ID: d96c9167651773196f9a3ebe0a53f72fc97e7a8520c3a998e29ff6acd5fe8f50
              • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction Fuzzy Hash: 12C1B63620609309DF2D4639D8343BEFBA15EA27B13DA476ED4B3CB1C4EE28D565D620
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction ID: ec62162de35b25cbdffe48ebb03971a218b56aeeb144a756bfa0d29483599f49
              • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction Fuzzy Hash: 70C171363050B349DF2D463EE43403FFAA15AA27B139B076ED4B6CB2C4EE28D9759518
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction ID: ec62162de35b25cbdffe48ebb03971a218b56aeeb144a756bfa0d29483599f49
              • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction Fuzzy Hash: 70C171363050B349DF2D463EE43403FFAA15AA27B139B076ED4B6CB2C4EE28D9759518
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 145f5760f2292e549fa9985c184c83dec4a3b096ab3fe6f7bfbd008fe865e535
              • Instruction ID: 63ebb401e523541b1939ddbf6466e84b4446d2afb87b203861b9fe66a4c42734
              • Opcode Fuzzy Hash: 145f5760f2292e549fa9985c184c83dec4a3b096ab3fe6f7bfbd008fe865e535
              • Instruction Fuzzy Hash: 24C106B1604B00DFD331CF19C484A22B7F0FF8A315B258A5ED9AA8B691D739E846CF51
              APIs
              Strings
              • -H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip', xrefs: 00404456
              • -P attribute Add Basic Proxy Authentication, the attributes, xrefs: 00404499
              • -c concurrency Number of multiple requests to make, xrefs: 00404356
              • Inserted after all normal header lines. (repeatable), xrefs: 00404467
              • 'application/x-www-form-urlencoded', xrefs: 004043BD
              • -w Print out results in HTML tables, xrefs: 004043EF
              • -b windowsize Size of TCP send/receive buffer, in bytes, xrefs: 00404377
              • Usage: %s [options] [http://]hostname[:port]/path, xrefs: 00404327
              • -V Print version number and exit, xrefs: 004044CE
              • -C attribute Add cookie, eg. 'Apache=1234. (repeatable), xrefs: 00404445
              • -e filename Output CSV file with percentages served, xrefs: 00404521
              • -d Do not show percentiles served table., xrefs: 004044EF
              • -k Use HTTP KeepAlive feature, xrefs: 004044DE
              • -v verbosity How much troubleshooting info to print, xrefs: 004043DE
              • -h Display usage information (this message), xrefs: 00404548
              • -g filename Output collected data to gnuplot format file., xrefs: 00404510
              • -X proxy:port Proxyserver and port number to use, xrefs: 004044C0
              • -t timelimit Seconds to max. wait for responses, xrefs: 00404367
              • -n requests Number of requests to perform, xrefs: 00404345
              • Default is 'text/plain', xrefs: 004043CE
              • -A attribute Add Basic WWW Authentication, the attributes, xrefs: 00404477
              • -p postfile File containing data to POST. Remember also to set -T, xrefs: 00404388
              • -u putfile File containing data to PUT. Remember also to set -T, xrefs: 00404399
              • -i Use HEAD instead of GET, xrefs: 00404400
              • -S Do not show confidence estimators and warnings., xrefs: 00404500
              • -y attributes String to insert as tr attributes, xrefs: 0040441B
              • -r Don't exit on socket receive errors., xrefs: 00404532
              • Options are:, xrefs: 00404335
              • are a colon separated username and password., xrefs: 00404488, 004044A9
              • -z attributes String to insert as td or th attributes, xrefs: 00404438
              • -T content-type Content-type header for POSTing, eg., xrefs: 004043AF
              • -x attributes String to insert as table attributes, xrefs: 00404410
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$exit
              • String ID: 'application/x-www-form-urlencoded'$ Default is 'text/plain'$ Inserted after all normal header lines. (repeatable)$ are a colon separated username and password.$ -A attribute Add Basic WWW Authentication, the attributes$ -C attribute Add cookie, eg. 'Apache=1234. (repeatable)$ -H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip'$ -P attribute Add Basic Proxy Authentication, the attributes$ -S Do not show confidence estimators and warnings.$ -T content-type Content-type header for POSTing, eg.$ -V Print version number and exit$ -X proxy:port Proxyserver and port number to use$ -b windowsize Size of TCP send/receive buffer, in bytes$ -c concurrency Number of multiple requests to make$ -d Do not show percentiles served table.$ -e filename Output CSV file with percentages served$ -g filename Output collected data to gnuplot format file.$ -h Display usage information (this message)$ -i Use HEAD instead of GET$ -k Use HTTP KeepAlive feature$ -n requests Number of requests to perform$ -p postfile File containing data to POST. Remember also to set -T$ -r Don't exit on socket receive errors.$ -t timelimit Seconds to max. wait for responses$ -u putfile File containing data to PUT. Remember also to set -T$ -v verbosity How much troubleshooting info to print$ -w Print out results in HTML tables$ -x attributes String to insert as table attributes$ -y attributes String to insert as tr attributes$ -z attributes String to insert as td or th attributes$Options are:$Usage: %s [options] [http://]hostname[:port]/path
              • API String ID: 3254994702-1132481021
              • Opcode ID: 4dd47cd2ce57d1e8714cf3742f739bea04fd02986a2d8bfd6b271de71045e575
              • Instruction ID: 5db5bfe4e2c26438aa79572f1c93178e7e99ecfebcf8e1aedc09d9b68d23ffb1
              • Opcode Fuzzy Hash: 4dd47cd2ce57d1e8714cf3742f739bea04fd02986a2d8bfd6b271de71045e575
              • Instruction Fuzzy Hash: 99516BF7E61215F7F304A7AAEDC2F5636A95A48640314CB37F106B32D0D5B8E8588B9C
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: printf$calloc$fflushfprintfmallocsignal
              • String ID: Server timed out$Test aborted after 10 failures$%s %s HTTP/1.0%s%s%s%s$%s %s HTTP/1.0%s%s%sContent-length: %uContent-type: %s%s$(be patient)%s$...$..done$2.3$@8A$Accept: */*$Benchmarking %s $Connection: Keep-Alive$Finished %d requests$GET$HEAD$Host: $INFO: %s header == ---%s---$POST$PUT$Request too long$User-Agent: ApacheBench/$[through %s:%d] $apr_poll$apr_pollset_create failed$apr_sockaddr_info_get() for %s$apr_socket_connect()$error creating request buffer: out of memory$text/plain
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: printf$calloc$exitfflushfprintf
              • String ID: Server timed out$Test aborted after 10 failures$%s$%s %s HTTP/1.0%s%s%s%s$(be patient)%s$...$2.3$Accept: */*$Benchmarking %s $Connection: Keep-Alive$Finished %d requests$GET$HEAD$Host: $INFO: %s header == ---%s---$POST$PUT$Request too long$Total of %d requests completed$User-Agent: ApacheBench/$[through %s:%d] $apr_poll$apr_pollset_create failed$apr_sockaddr_info_get() for %s$apr_socket_connect()$error creating request buffer: out of memory
              APIs
                • Part of subcall function 00408B40: WSARecv.WS2_32(?,?,00000001,?,?,00000000,00000000), ref: 00408B7C
                • Part of subcall function 00408B40: WSAGetLastError.WSOCK32 ref: 00408B8E
              • fprintf.MSVCRT ref: 00403D6B
              • printf.MSVCRT ref: 00403E46
              • strstr.MSVCRT ref: 00403E5E
              • strstr.MSVCRT ref: 00403E74
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: strstr$ErrorLastRecvfprintfprintf
              • String ID: Test aborted after 10 failures$$%s: %s (%d)$500$Completed %d requests$Content-Length:$Content-length:$HTTP$Keep-Alive$LOG: Response code = %s$LOG: header received:%s$Server:$WARNING: Response code not 2xx (%s)$apr_socket_recv$keep-alive
              APIs
                • Part of subcall function 00405D20: GetCommandLineW.KERNEL32(?,?,?,?,0040104A,?,?,00000000), ref: 00405D57
                • Part of subcall function 00405D20: GlobalFree.KERNEL32(00000000), ref: 00405DAD
                • Part of subcall function 00405D20: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,0040104A,?,?,00000000), ref: 00405DB4
                • Part of subcall function 00405D20: __p__environ.MSVCRT ref: 00405DBF
                • Part of subcall function 00405D20: malloc.MSVCRT ref: 00405DDD
                • Part of subcall function 00405D20: __p__environ.MSVCRT ref: 00405DE8
                • Part of subcall function 00405D20: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00405E03
                • Part of subcall function 00405D20: __p__wenviron.MSVCRT ref: 00405E0F
                • Part of subcall function 00405D20: __p__wenviron.MSVCRT ref: 00405E18
                • Part of subcall function 00405D20: __p__wenviron.MSVCRT ref: 00405E1C
                • Part of subcall function 00405D20: free.MSVCRT(00000000), ref: 00405E25
              • _isctype.MSVCRT ref: 004012B0
              • _isctype.MSVCRT ref: 00401343
              • _strnicmp.MSVCRT ref: 00401414
              • _strnicmp.MSVCRT ref: 00401437
              • fprintf.MSVCRT ref: 0040155B
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: fprintf$__p__wenviron$EnvironmentFreeStrings__p__environ_isctype_strnicmp$CommandGlobalLinefreemalloc
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$@8A$Accept:$Authentication credentials too long$Authorization: Basic $Cookie: $Host:$Proxy credentials too long$Proxy-Authorization: Basic $User-Agent:$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
              Strings
              • This is ApacheBench, Version %s, xrefs: 004042B5
              • Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>, xrefs: 004042EE
              • 2.3, xrefs: 004042E2
              • This is ApacheBench, Version %s <i>&lt;%s&gt;</i><br>, xrefs: 004042E7
              • Licensed to The Apache Software Foundation, http://www.apache.org/, xrefs: 004042C3
              • </p><p>, xrefs: 004042FC
              • <p>, xrefs: 004042D6
              • Licensed to The Apache Software Foundation, http://www.apache.org/<br>, xrefs: 004042F5
              • $Revision: 655654 $, xrefs: 004042DD
              • 2.3 <$Revision: 655654 $>, xrefs: 004042B0
              • Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/, xrefs: 004042BC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: printf
              • String ID: Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>$ Licensed to The Apache Software Foundation, http://www.apache.org/<br>$ This is ApacheBench, Version %s <i>&lt;%s&gt;</i><br>$$Revision: 655654 $$2.3$2.3 <$Revision: 655654 $>$</p><p>$<p>$Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/$Licensed to The Apache Software Foundation, http://www.apache.org/$This is ApacheBench, Version %s
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              • API ID: _free_wcsncpy$_calloc_mbstowcs_memmove$_memset_wcscpy
              • String ID: https$pipe$tcp
              APIs
              • wcsncmp.MSVCRT(?,\\?\,00000004,00000FFF,?), ref: 0040993A
              • wcsncmp.MSVCRT(?,UNC\,00000004), ref: 00409959
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: wcsncmp
              • String ID: GetCompressedFileSizeA$GetCompressedFileSizeW$GetNamedSecurityInfoA$GetNamedSecurityInfoW$GetSecurityInfo$UNC\$ZwQueryInformationFile$\\?\
              APIs
              • LoadLibraryA.KERNEL32(ntdll,?,?,?,?,007A440D), ref: 007A47FE
              • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 007A481F
              • GetProcAddress.KERNEL32(00000000,NtQueryAttributesFile), ref: 007A4829
              • GetProcAddress.KERNEL32(Dz,NtOpenFile), ref: 007A4835
              • GetProcAddress.KERNEL32(?,NtCreateSection), ref: 007A4842
              • GetProcAddress.KERNEL32(?,NtOpenSection), ref: 007A484F
              • GetProcAddress.KERNEL32(?,NtClose), ref: 007A485C
                • Part of subcall function 007A4792: VirtualQuery.KERNEL32(?,?,0000001C,?,Dz,007A4874,?,00000000,?,?,00000000,?,?,?,?,007A440D), ref: 007A47A1
                • Part of subcall function 007A4792: VirtualProtect.KERNEL32(?,?,00000040,?,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47B3
                • Part of subcall function 007A4792: WriteProcessMemory.KERNEL32(000000FF,?,?,00000005,?,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47C7
                • Part of subcall function 007A4792: VirtualProtect.KERNEL32(?,?,?,00000000,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47DA
                • Part of subcall function 007A4792: FlushInstructionCache.KERNEL32(000000FF,?,?,?,Dz,007A4874,?,00000000,?,?,00000000,?,?,?,?,007A440D), ref: 007A47E8
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: AddressProc$Virtual$Protect$CacheFlushInstructionLibraryLoadMemoryProcessQueryWrite
              • String ID: Dz$NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenSection$NtQueryAttributesFile$ntdll
              APIs
              • exit.MSVCRT ref: 004011CD
              • exit.MSVCRT ref: 00401214
              • fprintf.MSVCRT ref: 0040155B
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
                • Part of subcall function 00401750: fprintf.MSVCRT ref: 00401766
                • Part of subcall function 00401750: printf.MSVCRT ref: 0040177E
                • Part of subcall function 00401750: exit.MSVCRT ref: 00401789
                • Part of subcall function 00401750: printf.MSVCRT ref: 004017F9
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401817
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401835
                • Part of subcall function 00401750: fflush.MSVCRT ref: 00401841
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040185C
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040186B
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • Cannot mix PUT and HEAD, xrefs: 004011DB
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • Cannot mix POST and HEAD, xrefs: 00401194
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: fprintf$printf$exit$calloc$fflush
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$Cannot mix POST and HEAD$Cannot mix PUT and HEAD$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
              • LoadLibraryW.KERNEL32(ntdll), ref: 007A467E
              • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 007A469F
              • GetProcAddress.KERNEL32(00000000,NtQueryAttributesFile), ref: 007A46A9
              • GetProcAddress.KERNEL32(?,NtOpenFile), ref: 007A46B5
              • GetProcAddress.KERNEL32(?,NtCreateSection), ref: 007A46C2
              • GetProcAddress.KERNEL32(?,NtOpenSection), ref: 007A46CF
              • GetProcAddress.KERNEL32(?,NtClose), ref: 007A46DC
                • Part of subcall function 007A45F4: WriteProcessMemory.KERNEL32(000000FF,007A4599,?,00000005,?,?,?,007A46FA,?,00000000,?,007A4599,?,?), ref: 007A460C
                • Part of subcall function 007A45F4: VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 007A4627
                • Part of subcall function 007A45F4: VirtualProtect.KERNEL32(?,00000040,00000040,?,?,?), ref: 007A463F
                • Part of subcall function 007A45F4: VirtualProtect.KERNEL32(?,?,?,?,?,?), ref: 007A465C
                • Part of subcall function 007A45F4: FlushInstructionCache.KERNEL32(000000FF,?,?,?,?), ref: 007A4666
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: AddressProc$Virtual$Protect$CacheFlushInstructionLibraryLoadMemoryProcessQueryWrite
              • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenSection$NtQueryAttributesFile$ntdll
              APIs
              • ConnectNamedPipe.KERNEL32(?,?), ref: 007A6EBA
              • GetLastError.KERNEL32 ref: 007A6EC0
              • GetOverlappedResult.KERNEL32(?,?,?,00000000), ref: 007A6EFE
              • GetLastError.KERNEL32 ref: 007A6F08
              • ResetEvent.KERNEL32(?), ref: 007A6F28
              • _free.LIBCMT ref: 007A6F61
              • ResetEvent.KERNEL32(00000000), ref: 007A710D
              • ReadFile.KERNEL32(?,?,00010000,00000000,?), ref: 007A7133
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ErrorEventLastReset$ConnectFileNamedOverlappedPipeReadResult_free
              APIs
                • Part of subcall function 007AA109: WaitForSingleObject.KERNEL32(?,000000FF,?,007A4A00,00000001,00000000,?,007A49E4,00000000,00000000,007A6503,00000000,00000000,007A798B), ref: 007AA117
              • recv.WS2_32(?,00000000,00000020,00000000), ref: 007A8AFE
              • recv.WS2_32(?,?,-000000E4,00000000), ref: 007A8B57
              • GetLastError.KERNEL32 ref: 007A8B61
              • SetLastError.KERNEL32(00000490), ref: 007A8B73
              • SetLastError.KERNEL32(00000000), ref: 007A8B7F
              • _memmove.LIBCMT ref: 007A8B94
              • htonl.WS2_32(?), ref: 007A8BAE
              • _malloc.LIBCMT ref: 007A8BC3
              • _memcpy_s.LIBCMT ref: 007A8BDF
              • recv.WS2_32(?,00000020,-00000008,00000000), ref: 007A8BFE
              • GetLastError.KERNEL32 ref: 007A8C0A
              • _memcmp.LIBCMT ref: 007A8C56
              • SetLastError.KERNEL32(00000000), ref: 007A8C82
              • SetLastError.KERNEL32(00000000), ref: 007A8CA2
              • GetLastError.KERNEL32 ref: 007A8CA8
              • _free.LIBCMT ref: 007A8CB5
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ErrorLast$recv$ObjectSingleWait_free_malloc_memcmp_memcpy_s_memmovehtonl
              APIs
              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,0040B04D,00000000,00000000,?), ref: 0040B0B3
              • GetLastError.KERNEL32(?,0040B04D,00000000,00000000,?), ref: 0040B0C3
              • GetLastError.KERNEL32(?,0040B04D,00000000,00000000,?), ref: 0040B0D2
              • ReadFile.KERNEL32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,0040B04D,00000000,00000000,?), ref: 0040B149
              • GetLastError.KERNEL32(?,0040B04D,00000000,00000000,?), ref: 0040B160
              • GetLastError.KERNEL32(?,0040B04D,00000000,00000000,?), ref: 0040B16A
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040B19B
              • WaitForSingleObject.KERNEL32(?,00000000,?,0040B04D,00000000,00000000,?), ref: 0040B1B7
              • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,?,0040B04D,00000000,00000000,?), ref: 0040B206
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLast$FileNamedObjectOverlappedPeekPipeReadResultSingleUnothrow_t@std@@@Wait__ehfuncinfo$??2@
              • String ID: CancelIo
              APIs
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • @<A, xrefs: 004014C2
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: fprintf$atoistrchr
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$@<A$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
              • GetCommandLineW.KERNEL32(?,?,?,?,0040104A,?,?,00000000), ref: 00405D57
              • GlobalFree.KERNEL32(00000000), ref: 00405DAD
                • Part of subcall function 0040A940: LoadLibraryA.KERNEL32(?,00000000,?,00405D79,00000004,CommandLineToArgvW,00000000,?,?,?,?,0040104A,?,?,00000000), ref: 0040A961
              • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,0040104A,?,?,00000000), ref: 00405DB4
              • __p__environ.MSVCRT ref: 00405DBF
              • malloc.MSVCRT ref: 00405DDD
              • __p__environ.MSVCRT ref: 00405DE8
              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00405E03
              • __p__wenviron.MSVCRT ref: 00405E0F
              • __p__wenviron.MSVCRT ref: 00405E18
              • __p__wenviron.MSVCRT ref: 00405E1C
              • free.MSVCRT(00000000), ref: 00405E25
              • SetLastError.KERNEL32(00000001), ref: 00405E3A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: __p__wenviron$EnvironmentFreeStrings__p__environ$CommandErrorGlobalLastLibraryLineLoadfreemalloc
              • String ID: CommandLineToArgvW
              APIs
              • _malloc.LIBCMT ref: 007AA1DA
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007AA1F0
              • GetCurrentThreadId.KERNEL32 ref: 007AA1F8
                • Part of subcall function 007AA133: _malloc.LIBCMT ref: 007AA136
              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA20D
              • GetProcAddress.KERNEL32(00000000,OpenThread), ref: 007AA21E
              • LoadLibraryA.KERNEL32(ntdll.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA23A
              • GetProcAddress.KERNEL32(00000000,NtOpenThread), ref: 007AA249
              • FreeLibrary.KERNEL32(?,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA286
              • FreeLibrary.KERNEL32(00000000,?,?,000000FF,?,?,?,?,?,?,?,?,?,007A78FB), ref: 007AA28D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Yara matches
              Similarity
              • API ID: Library$AddressFreeLoadProc_malloc$AllocCurrentHeapThread_memset
              • String ID: NtOpenThread$OpenThread$kernel32.dll$ntdll.dll
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Yara matches
              Similarity
              • API ID: _free_wcsncpy$_calloc_mbstowcs_memmove$_memset_wcscpy
              • String ID:
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: _free_wcsncpy$_calloc_mbstowcs_memmove$_memset_wcscpy
              • String ID:
              APIs
              • _memmove.LIBCMT ref: 007A736A
              • htonl.WS2_32(?), ref: 007A73A1
              • _calloc.LIBCMT ref: 007A740D
              • htonl.WS2_32(?), ref: 007A7428
              • _memcmp.LIBCMT ref: 007A745F
              • _memcmp.LIBCMT ref: 007A749A
                • Part of subcall function 007B01E0: _malloc.LIBCMT ref: 007B01EC
              • _memmove.LIBCMT ref: 007A74AA
                • Part of subcall function 007A722B: CloseHandle.KERNEL32(89C03359,00000000,?,007A74CF,?), ref: 007A7242
                • Part of subcall function 007A722B: CloseHandle.KERNEL32(0F078900,00000000,?,007A74CF,?), ref: 007A726E
                • Part of subcall function 007A722B: _free.LIBCMT ref: 007A7283
                • Part of subcall function 007A722B: _free.LIBCMT ref: 007A7291
              • _free.LIBCMT ref: 007A74D0
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • CoCreateGuid.OLE32(?), ref: 007A74E0
              • htonl.WS2_32(?), ref: 007A74E8
              • htons.WS2_32(?), ref: 007A74FE
              • htons.WS2_32(?), ref: 007A750F
              • _calloc.LIBCMT ref: 007A7524
              • _free.LIBCMT ref: 007A758B
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Yara matches
              Similarity
              • API ID: _free$htonl$CloseHandle_calloc_memcmp_memmovehtons$CreateErrorFreeGuidHeapLast_malloc
              • String ID:
              APIs
              • atoi.MSVCRT ref: 004010C3
              • fprintf.MSVCRT ref: 0040155B
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
                • Part of subcall function 00401750: fprintf.MSVCRT ref: 00401766
                • Part of subcall function 00401750: printf.MSVCRT ref: 0040177E
                • Part of subcall function 00401750: exit.MSVCRT ref: 00401789
                • Part of subcall function 00401750: printf.MSVCRT ref: 004017F9
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401817
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401835
                • Part of subcall function 00401750: fflush.MSVCRT ref: 00401841
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040185C
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040186B
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • Invalid number of requests, xrefs: 004010D9
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: fprintf$printf$calloc$atoiexitfflush
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$Invalid number of requests$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
                • Part of subcall function 007AA109: WaitForSingleObject.KERNEL32(?,000000FF,?,007A4A00,00000001,00000000,?,007A49E4,00000000,00000000,007A6503,00000000,00000000,007A798B), ref: 007AA117
              • ReadFile.KERNEL32(?,00000000,00000020,?,00000000), ref: 007A7FB5
              • SetLastError.KERNEL32(00000008), ref: 007A7FD6
              • _malloc.LIBCMT ref: 007A7FEF
              • _free.LIBCMT ref: 007A8005
              • SetLastError.KERNEL32(00000000), ref: 007A8014
              • GetLastError.KERNEL32 ref: 007A8022
              • _free.LIBCMT ref: 007A802F
              • _memmove.LIBCMT ref: 007A8076
              • htonl.WS2_32(?), ref: 007A8081
              • _malloc.LIBCMT ref: 007A808E
              • _memcpy_s.LIBCMT ref: 007A80B9
              • SetLastError.KERNEL32(00000000), ref: 007A80EF
              • _free.LIBCMT ref: 007A80F6
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Yara matches
              Similarity
              • API ID: ErrorLast$_free$_malloc$FileObjectReadSingleWait_memcpy_s_memmovehtonl
              • String ID:
              APIs
              • _memset.LIBCMT ref: 007A29AC
              • GetVersionExW.KERNEL32(00000114,?,?,00000000), ref: 007A29C5
              • GetLastError.KERNEL32(?,?,00000000), ref: 007A29CF
              • SetLastError.KERNEL32(00000005,?,?,00000000), ref: 007A29F0
              • VirtualAlloc.KERNEL32(00000000,00000052,00003000,00000040,00000000,00000000,?,?,00000000), ref: 007A2A0C
              • GetLastError.KERNEL32(?,?,00000000), ref: 007A2A15
              • VirtualAlloc.KERNEL32(00000000,00000149,00003000,00000040,?,?,00000000), ref: 007A2A2C
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 007A2A34
              • VirtualFree.KERNEL32(?,00000000,00004000,?,?,?,?,?,?,?,?,00000000), ref: 007A2AAD
              • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,?,?,?,00000000), ref: 007A2ABB
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Yara matches
              Similarity
              • API ID: ErrorLastVirtual$AllocFree$Version_memset
              • String ID:
              APIs
              • _free.LIBCMT ref: 007A9A70
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • _free.LIBCMT ref: 007A9A81
              • _free.LIBCMT ref: 007A9A92
              • _free.LIBCMT ref: 007A9AA3
              • _free.LIBCMT ref: 007A9AB4
              • _free.LIBCMT ref: 007A9AC5
              • _free.LIBCMT ref: 007A9AD6
              • GlobalFree.KERNEL32(00000000), ref: 007A9AEF
              • GlobalFree.KERNEL32(00000000), ref: 007A9AFE
              • _free.LIBCMT ref: 007A9B0D
              • _free.LIBCMT ref: 007A9B25
              • _free.LIBCMT ref: 007A9B37
              • _free.LIBCMT ref: 007A9B41
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Yara matches
              Similarity
              • API ID: _free$Free$Global$ErrorHeapLast
              • String ID:
              APIs
              • fprintf.MSVCRT ref: 0040155B
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
                • Part of subcall function 00401750: fprintf.MSVCRT ref: 00401766
                • Part of subcall function 00401750: printf.MSVCRT ref: 0040177E
                • Part of subcall function 00401750: exit.MSVCRT ref: 00401789
                • Part of subcall function 00401750: printf.MSVCRT ref: 004017F9
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401817
                • Part of subcall function 00401750: printf.MSVCRT ref: 00401835
                • Part of subcall function 00401750: fflush.MSVCRT ref: 00401841
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040185C
                • Part of subcall function 00401750: calloc.MSVCRT ref: 0040186B
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • Cannot mix POST/PUT and HEAD, xrefs: 00401132
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: fprintf$printf$calloc$exitfflush
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$Cannot mix POST/PUT and HEAD$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
              • atoi.MSVCRT ref: 00401241
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Yara matches
              Similarity
              • API ID: fprintf$atoi
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              APIs
              • _strdup.MSVCRT(?), ref: 00401152
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$_strdup
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 1169352161-1122596264
              • Opcode ID: 12440ac565f6142b92c5f6ed79c01b06db47ebfc9094fbd820c5793d6e06a403
              • Instruction ID: 61739c06db0445b0aa7ca92dbf2048a62a7844db9e06b96a1d99b4ab2c9f5f53
              • Opcode Fuzzy Hash: 12440ac565f6142b92c5f6ed79c01b06db47ebfc9094fbd820c5793d6e06a403
              • Instruction Fuzzy Hash: 044171B4A00104EBD714DFA5ED81D2A7369EBC8308B14C57EF909EB3E1D638E945CB98
              APIs
              • _strdup.MSVCRT(?), ref: 00401171
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$_strdup
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 1169352161-1122596264
              • Opcode ID: 333f515493014691ea9adab8963a3dba4cefa48062e40f184332333d5f353018
              • Instruction ID: a751faec121b572d8bebdd249e554fa6155a76d7d9c497ebc7685f8b486736f0
              • Opcode Fuzzy Hash: 333f515493014691ea9adab8963a3dba4cefa48062e40f184332333d5f353018
              • Instruction Fuzzy Hash: 284183B4A00104EBD714DFA5ED81D2A7369EBC8308B14C57EF905EB3E1D638E945CB98
              APIs
              • atoi.MSVCRT ref: 00401106
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$atoi
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 1898439266-1122596264
              • Opcode ID: 285a270088d641f77f5c3b298740d361e4ecbf503707714f0428369ac77dad53
              • Instruction ID: e2e755f66df4f0a0c0c1b6c2228099c74c4db24f2603499e0b6daa39f0af3246
              • Opcode Fuzzy Hash: 285a270088d641f77f5c3b298740d361e4ecbf503707714f0428369ac77dad53
              • Instruction Fuzzy Hash: 9A4183B4A00104EBD714DFA5ED91D2A7369EBC8308B14C57EF909EB3E1D638E945CB98
              APIs
              • atoi.MSVCRT ref: 0040111A
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$atoi
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 1898439266-1122596264
              • Opcode ID: 0ab57724d92000ca22b5cbd3326e1da87722eacedba54b8abff98e3aee9abdbd
              • Instruction ID: 5ead7e223a0408bfb9252aedc8425fb996e943740e62fd8a08dca869768123a1
              • Opcode Fuzzy Hash: 0ab57724d92000ca22b5cbd3326e1da87722eacedba54b8abff98e3aee9abdbd
              • Instruction Fuzzy Hash: 514182B4A00104EBD714DFA5ED91D2A7365EBC8308B14C57EF905EB3E1D638E945CB98
              APIs
              • atoi.MSVCRT ref: 0040122D
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$atoi
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 1898439266-1122596264
              • Opcode ID: 5937b50af52c7da9f3b42ae1a1b3a0a0a02e464b9be257520a923ff9efec17be
              • Instruction ID: 08013c388efca2fe28ebdd82844a539adbd35f472ec92180acb5311ffee17dd8
              • Opcode Fuzzy Hash: 5937b50af52c7da9f3b42ae1a1b3a0a0a02e464b9be257520a923ff9efec17be
              • Instruction Fuzzy Hash: 354172B4A00104EBD714DFA5ED91D2A7369EBC8308B14C57EF905EB3E1D638E945CB98
              APIs
              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007A9F6A
              • GetLastError.KERNEL32 ref: 007A9F77
              • _memset.LIBCMT ref: 007A9F8F
              • _memset.LIBCMT ref: 007A9FA1
              • _memset.LIBCMT ref: 007A9FAD
              • InternetCrackUrlW.WININET(?,00000000,00000000,0000003C), ref: 007A9FE2
              • _free.LIBCMT ref: 007A9FF1
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 007AA025
              • InternetSetOptionW.WININET(?,0000002B,00000000,00000000), ref: 007AA059
              • InternetSetOptionW.WININET(?,0000002C,00000000,00000000), ref: 007AA073
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Internet$_memset$ErrorLastOption$ConnectCrackFreeHeapOpen_free
              • String ID: <
              • API String ID: 2538166667-4251816714
              • Opcode ID: 4eae567c3cc6cc72021f3a779f1e96d84983765dda554d2ebd0428ea1f536bb5
              • Instruction ID: 620f088801f12cc191befe15751ecb7e61ca49b8e67012b8fc92b4a6506e3a53
              • Opcode Fuzzy Hash: 4eae567c3cc6cc72021f3a779f1e96d84983765dda554d2ebd0428ea1f536bb5
              • Instruction Fuzzy Hash: 40414F71800604EBDB31AF65DC49EABBBFCFB89700F00462EF645A2561E739A544CF94
              APIs
              • DecodePointer.KERNEL32(?,00000001,007B3950,007C54B0,00000008,007B3A87,?,00000001,?,007C54D0,0000000C,007B3A26,?,00000001,?), ref: 007B3C8A
              • _free.LIBCMT ref: 007B3CA3
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • _free.LIBCMT ref: 007B3CB6
              • _free.LIBCMT ref: 007B3CD4
              • _free.LIBCMT ref: 007B3CE6
              • _free.LIBCMT ref: 007B3CF7
              • _free.LIBCMT ref: 007B3D02
              • _free.LIBCMT ref: 007B3D26
              • EncodePointer.KERNEL32(00579CA0), ref: 007B3D2D
              • _free.LIBCMT ref: 007B3D42
              • _free.LIBCMT ref: 007B3D58
              • _free.LIBCMT ref: 007B3D80
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
              • String ID:
              • API String ID: 3064303923-0
              • Opcode ID: 336d9f2c1aba5d3f9eff1643b0024acc2ed94ad17a2b43bce2815ad1b01caf8a
              • Instruction ID: 68ba9c4cbaacd8d2afab79c423eb2b25ebcaa2a1ad1f237f7ca439b9e6c2b2a5
              • Opcode Fuzzy Hash: 336d9f2c1aba5d3f9eff1643b0024acc2ed94ad17a2b43bce2815ad1b01caf8a
              • Instruction Fuzzy Hash: 7621A633901551CBC7266F64FC89E557BA8B74A322389C23DE808A3261C73C9EC1CBD8
              APIs
              • connect.WSOCK32(?,00000029,?,00401686,00401682,00000000), ref: 00406872
              • WSAGetLastError.WSOCK32 ref: 00406887
              • WSAGetLastError.WSOCK32 ref: 00406891
              • select.WSOCK32(00000041,00000000,?,?,?,?,?,000F4240,00000000,?,?,000F4240,00000000), ref: 00406923
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$connectselect
              • String ID: u
              • API String ID: 3361657481-3483738507
              • Opcode ID: 026e8efa42895d0f47fae0c319c09713302349c087e38c5d46c2d89564194933
              • Instruction ID: 1d19ce21af32cb8cfba87f123ab355a869ec54a57975a54dea637719fa212f1f
              • Opcode Fuzzy Hash: 026e8efa42895d0f47fae0c319c09713302349c087e38c5d46c2d89564194933
              • Instruction Fuzzy Hash: 4C51B7726002189BDB10DF59DD80AA7B7A8EB55320F0182BBED09EF3C1D675DD908FA4
              APIs
              • strncmp.MSVCRT(00000000,http://,00000007,?,00000000,?,759A38A0,00000000,?,?,0040158D,00000000,?,?,?,n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq), ref: 0040459E
              • strchr.MSVCRT ref: 004045B1
                • Part of subcall function 00406E20: _isctype.MSVCRT ref: 00406E6A
                • Part of subcall function 00406E20: atoi.MSVCRT ref: 00406E96
              • strncmp.MSVCRT(00000000,https://,00000008,?,00000000,?,759A38A0,00000000,?,?,0040158D,00000000,?,?,?,n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq), ref: 0040468A
              • fprintf.MSVCRT ref: 004046A6
              • exit.MSVCRT ref: 004046B1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: strncmp$_isctypeatoiexitfprintfstrchr
              • String ID: :%d$SSL not compiled in; no https support$[%s]$http://$https://
              • API String ID: 3246724901-1117888160
              • Opcode ID: eefcb7fab76bdf78d587105c61a45419284c841004e5b73b49525f651bbea66b
              • Instruction ID: 65c1391e878ccf4021e8b776280897804e76f477e12c5199a4c6732b80ff3124
              • Opcode Fuzzy Hash: eefcb7fab76bdf78d587105c61a45419284c841004e5b73b49525f651bbea66b
              • Instruction Fuzzy Hash: B841F8B5604204ABC7149B79EC41AA73BD8E7C5355F04817AFA09E77D1FA7A98008BAC
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CloseHandle_calloc_memmove$__snprintf_s_free_malloc
              • String ID: \\%s\pipe\%s
              • API String ID: 2148755428-540213758
              • Opcode ID: 7112386a3cbf7d723e64fadec0863dc9c34b92057ca97309c115cd3dbec11845
              • Instruction ID: 23b0b2c31cc8fb33ee82d480ea33bfa1c98146bae9b5e5c8d702d6eaa89afdb4
              • Opcode Fuzzy Hash: 7112386a3cbf7d723e64fadec0863dc9c34b92057ca97309c115cd3dbec11845
              • Instruction Fuzzy Hash: 34411975A04705FBDB216F748C0AFEB77A8EF86710F14072DF904A6182EBBDD9508691
              APIs
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040445F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404470
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404480
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404491
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044B2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004044F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404509
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404519
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040452A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040453B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040454E
                • Part of subcall function 00404310: exit.MSVCRT ref: 00404555
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$exit
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 3254994702-1122596264
              • Opcode ID: 07b9ea5e0d1babc831519186dc154dff18f62be67f2946326c56cb09979220f1
              • Instruction ID: 5f15d3f61ad8db70b309381baeff66024721affd82d1f5d92100a229b2f44f45
              • Opcode Fuzzy Hash: 07b9ea5e0d1babc831519186dc154dff18f62be67f2946326c56cb09979220f1
              • Instruction Fuzzy Hash: 664163B4A00104ABD714DF95ED81D2A7369EBC8308B14C57EF909EB3E1D639E945CB98
              APIs
              • fprintf.MSVCRT ref: 0040155B
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040432D
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040433E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040434E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040435F
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404370
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404380
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404391
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043A2
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043B5
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043C6
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043D7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043E7
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 004043F8
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404409
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 00404419
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040442A
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040443E
                • Part of subcall function 00404310: fprintf.MSVCRT ref: 0040444E
              • fprintf.MSVCRT ref: 004015A8
              • fprintf.MSVCRT ref: 004015E2
              • fprintf.MSVCRT ref: 00401616
              Strings
              • %s: wrong number of arguments, xrefs: 00401555
              • %s: invalid URL, xrefs: 004015A2
              • %s: Cannot use concurrency level greater than total number of requests, xrefs: 00401610
              • n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq, xrefs: 00401521
              • gfff, xrefs: 0040163C
              • %s: Invalid Concurrency [Range 0..%d], xrefs: 004015DC
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf
              • String ID: %s: Cannot use concurrency level greater than total number of requests$%s: Invalid Concurrency [Range 0..%d]$%s: invalid URL$%s: wrong number of arguments$gfff$n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
              • API String ID: 383729395-1122596264
              • Opcode ID: 031685a38cb8ec84c053011e6ff69e1fae24f659ac29dc227d0a29b78d98220f
              • Instruction ID: 6cadcbe2bfa87631e95da2c6a7e0c492c5801309cc710279db2da1d0a758b026
              • Opcode Fuzzy Hash: 031685a38cb8ec84c053011e6ff69e1fae24f659ac29dc227d0a29b78d98220f
              • Instruction Fuzzy Hash: CC4182B4A00104ABD714DFA5DD81D2A7369EBC8308B14C57EF905EB3E1D638ED45CB98
              APIs
              • _wcsstr.LIBCMT ref: 007A83DA
              • _wcschr.LIBCMT ref: 007A83E8
              • _wcschr.LIBCMT ref: 007A83F6
              • _calloc.LIBCMT ref: 007A8425
              • __snprintf_s.LIBCMT ref: 007A843F
              • SetHandleInformation.KERNEL32(000000FF,00000001,00000000), ref: 007A84B3
              • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000), ref: 007A8463
                • Part of subcall function 007A5078: GetSystemTime.KERNEL32(?,?,?,?,?,?,007A7926), ref: 007A5082
                • Part of subcall function 007A5078: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,007A7926), ref: 007A5090
                • Part of subcall function 007A5078: __aulldiv.LIBCMT ref: 007A50B0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Time$HandleSystem_wcschr$FileInformationNamedPipeState__aulldiv__snprintf_s_calloc_wcsstr
              • String ID: \\%s\pipe\%s$\\.\$pipe
              • API String ID: 101525352-8644039
              • Opcode ID: 29c88e2838bbe07298bb456c9e082595638b7befb728b18754be8e6233f13b34
              • Instruction ID: 610f69fb54f3809ac5d36975d1bbc82af042bf24a2bffeee20b9820114053d48
              • Opcode Fuzzy Hash: 29c88e2838bbe07298bb456c9e082595638b7befb728b18754be8e6233f13b34
              • Instruction Fuzzy Hash: 3441A9B1500305FBDB60AF74CC4AFDA7768AF59750F104269FA04E7181EB79D5508792
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              APIs
              • _malloc.LIBCMT ref: 007A9C5C
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _malloc.LIBCMT ref: 007A9C65
              • _memset.LIBCMT ref: 007A9C81
              • _memset.LIBCMT ref: 007A9C8C
              • _free.LIBCMT ref: 007A9D3E
              • _memcmp.LIBCMT ref: 007A9D68
              • _malloc.LIBCMT ref: 007A9D76
              • _memmove.LIBCMT ref: 007A9D88
                • Part of subcall function 007A5078: GetSystemTime.KERNEL32(?,?,?,?,?,?,007A7926), ref: 007A5082
                • Part of subcall function 007A5078: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,007A7926), ref: 007A5090
                • Part of subcall function 007A5078: __aulldiv.LIBCMT ref: 007A50B0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Time_malloc$System_memset$AllocFileHeap__aulldiv_free_memcmp_memmove
              • String ID: https
              • API String ID: 3634981993-1056335270
              APIs
              Strings
              • ab: Could not open POST data file (%s): %s, xrefs: 00404771
              • ab: Could not read POST data file: %s, xrefs: 00404841
              • ab: Could not allocate POST data buffer, xrefs: 004047F5
              • ab: Could not stat POST data file (%s): %s, xrefs: 004047BA
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf
              • String ID: ab: Could not allocate POST data buffer$ab: Could not open POST data file (%s): %s$ab: Could not read POST data file: %s$ab: Could not stat POST data file (%s): %s
              • API String ID: 383729395-630050437
              APIs
              • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000), ref: 007A6888
              • GetLastError.KERNEL32(?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A6891
              • GetModuleHandleA.KERNEL32(ntdll,RtlCreateUserThread,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000), ref: 007A68BA
              • GetProcAddress.KERNEL32(00000000), ref: 007A68C1
              • SetLastError.KERNEL32(00000000,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A68F8
              • GetThreadId.KERNEL32(00000000,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A6909
              • SetLastError.KERNEL32(00000008,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A6915
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$Thread$AddressCreateHandleModuleProcRemote
              • String ID: RtlCreateUserThread$ntdll
              • API String ID: 1819768294-687317052
              APIs
              • select.WSOCK32(680040C1,?,?,?,?,00000000,01C9C380,000F4240,00000000,00000000,01C9C380,000F4240,00000000,?,00000000,00000002), ref: 0040645B
              • WSAGetLastError.WSOCK32(?,00000000,00000002,?,00401C1D,?,01C9C380,00000000,00401682,?), ref: 00406472
              • WSAGetLastError.WSOCK32(?,00000000,00000002,?,00401C1D,?,01C9C380,00000000,00401682,?), ref: 0040647C
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$select
              • String ID:
              • API String ID: 1043644060-0
              APIs
              • _memset.LIBCMT ref: 007A8946
              • WSAStartup.WS2_32(00000202,?), ref: 007A895A
              • WSAGetLastError.WS2_32 ref: 007A8964
              • socket.WS2_32(00000017,00000001,00000006), ref: 007A8985
              • setsockopt.WS2_32(00000000,00000029,0000001B,?,00000004), ref: 007A899F
              • closesocket.WS2_32(00000000), ref: 007A89AB
              • socket.WS2_32(00000002,00000001,00000006), ref: 007A89BE
              • htons.WS2_32(00000000), ref: 007A89DE
              • htons.WS2_32(?), ref: 007A89F0
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: htonssocket$ErrorLastStartup_memsetclosesocketsetsockopt
              • String ID:
              • API String ID: 1629790708-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _initterm$FilterXcpt__getmainargs__p___initenv__p__commode__p__fmode__set_app_type__setusermatherrexit
              • String ID:
              • API String ID: 167530163-0
              APIs
              • _malloc.LIBCMT ref: 007A639E
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007A63B4
              • GetProcAddress.KERNEL32(?,00000002), ref: 007A63FB
              • GetProcAddress.KERNEL32(00000000,00000003), ref: 007A6404
              • GetProcAddress.KERNEL32(00000000,00000005), ref: 007A640D
              • GetProcAddress.KERNEL32(00000000,00000004), ref: 007A6416
              • _free.LIBCMT ref: 007A6472
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
                • Part of subcall function 007A381F: htonl.WS2_32(?), ref: 007A3825
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AddressProc$Heap$AllocErrorFreeLast_free_malloc_memsethtonl
              • String ID: 8:X
              • API String ID: 79161331-2501929605
              APIs
              • _mbstowcs_s.LIBCMT ref: 007A8EA4
                • Part of subcall function 007B0867: __wcstombs_s_l.LIBCMT ref: 007B087B
                • Part of subcall function 007A5078: GetSystemTime.KERNEL32(?,?,?,?,?,?,007A7926), ref: 007A5082
                • Part of subcall function 007A5078: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,007A7926), ref: 007A5090
                • Part of subcall function 007A5078: __aulldiv.LIBCMT ref: 007A50B0
              • _strncmp.LIBCMT ref: 007A8EBF
              • _strstr.LIBCMT ref: 007A8EDB
              • _strrchr.LIBCMT ref: 007A8EE6
              • _strrchr.LIBCMT ref: 007A8EFE
                • Part of subcall function 007B3806: __wcstoi64.LIBCMT ref: 007B3810
                • Part of subcall function 007A87B2: _memset.LIBCMT ref: 007A87D9
                • Part of subcall function 007A87B2: WSAStartup.WS2_32(00000202,?), ref: 007A87ED
                • Part of subcall function 007A87B2: WSAGetLastError.WS2_32 ref: 007A87F7
              • SetHandleInformation.KERNEL32(?,00000001,00000000), ref: 007A8F6B
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Time$System_strrchr$ErrorFileHandleInformationLastStartup__aulldiv__wcstoi64__wcstombs_s_l_mbstowcs_s_memset_strncmp_strstr
              • String ID: 6$tcp
              • API String ID: 814609884-2319321990
              APIs
              • VirtualAlloc.KERNEL32(?,?,00003000,00000040,?,?,?,00000000,?,007A43F1,00000100,?,000000FF,00000000), ref: 007A48F2
              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,?,?,?,00000000,?,007A43F1,00000100,?,000000FF,00000000), ref: 007A4909
              • GetModuleHandleA.KERNEL32(ntdll,NtLockVirtualMemory,?,?,?,00000000,?,007A43F1,00000100,?,000000FF,00000000), ref: 007A4924
              • GetProcAddress.KERNEL32(00000000), ref: 007A492B
              • WriteProcessMemory.KERNEL32(000000FF,?,?,?,00000000,?,?,?,00000000,?,007A43F1,00000100,?,000000FF,00000000), ref: 007A4965
              • WriteProcessMemory.KERNEL32(000000FF,?,?,?,00000000,?,?,?,00000000,?,007A43F1,00000100,?,000000FF,00000000), ref: 007A499A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AllocMemoryProcessVirtualWrite$AddressHandleModuleProc
              • String ID: NtLockVirtualMemory$ntdll
              • API String ID: 1502369038-2974287352
              APIs
              • #21.WSOCK32(?,0000FFFF,00000008,?,00000004,00000001,00401686,?,00000001,00000000,?,00401682,?,00000000,00000000,00000001), ref: 00408E13
              • #21.WSOCK32(?,0000FFFF,00000001,0040167E,00000004,00000001,?,?,?,01C9C380,00000000,00401682,?), ref: 00408E6E
              • #21.WSOCK32(?,0000FFFF,00000004,?,00000004), ref: 00408ECD
              • #21.WSOCK32(?,0000FFFF,00000080,?,00000004,00401682,?,?,004038EF,?,00000008,00000001,00401686,?,00000001,00000000), ref: 00408FA6
              • #21.WSOCK32(?,0000FFFF,00001001,00000000,00000004,00401682,?,?,004038EF,?,00000008,00000001,00401686,?,00000001,00000000), ref: 00408FF2
              • #21.WSOCK32(?,00000006,00000001,00000000,00000004,00401682,?,?,004038EF,?,00000008,00000001,00401686,?,00000001,00000000), ref: 0040905A
              • WSAGetLastError.WSOCK32(?,?,004038EF,?,00000008,00000001,00401686,?,00000001,00000000,?,00401682,?,00000000,00000000,00000001), ref: 0040906B
              • WSAGetLastError.WSOCK32(?,?,004038EF,?,00000008,00000001,00401686,?,00000001,00000000,?,00401682,?,00000000,00000000,00000001), ref: 00409078
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast
              • String ID:
              • API String ID: 1452528299-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$Startup_memsetfreeaddrinfogetaddrinfosocket
              • String ID:
              • API String ID: 3817943115-0
              APIs
                • Part of subcall function 00404CE0: free.MSVCRT(00000000,?,?,00000000,00000001,?,?,?,01C9C380,00000000,00401682,?), ref: 00404DE4
              • fprintf.MSVCRT ref: 004039FB
                • Part of subcall function 00401E40: fprintf.MSVCRT ref: 00401E6B
                • Part of subcall function 00401E40: printf.MSVCRT ref: 00401E83
                • Part of subcall function 00401E40: exit.MSVCRT ref: 00401E8D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: fprintf$exitfreeprintf
              • String ID: Test aborted after 10 failures$apr_socket_connect()$socket$socket nonblock$socket receive buffer$socket send buffer
              • API String ID: 2990634465-2661476521
              APIs
              • strspn.MSVCRT ref: 00406FD2
              • inet_addr.WSOCK32(00000000,?,?,?,?,?,004117FC,?,00000000,00000000,00000000,?), ref: 00406FF2
              • gethostbyname.WSOCK32(00000000,00401B22,00000000,00000002,Connection: Keep-Alive,?,00401B22,004117FC,?,00000000,00000000,00000000,?), ref: 0040707E
              • WSAGetLastError.WSOCK32(?,00401B22,004117FC,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,004117F8), ref: 00407091
              • WSAGetLastError.WSOCK32(?,00401B22,004117FC,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,004117F8), ref: 00407097
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$gethostbynameinet_addrstrspn
              • String ID: 0.0.0.0$0123456789.
              • API String ID: 601764835-1678653780
              APIs
                • Part of subcall function 007A770B: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A7717
                • Part of subcall function 007A770B: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 007A771E
                • Part of subcall function 007A770B: GetLastError.KERNEL32(?,?,?,?,?,007A77B7,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 007A7728
              • CreateNamedPipeA.KERNEL32(?,40000003,00000000,000000FF,00010000,00010000,00000000,?), ref: 007A77F5
              • CreateNamedPipeA.KERNEL32(?,40000003,00000000,000000FF,00010000,00010000,00000000,00000000), ref: 007A7838
              • GetLastError.KERNEL32 ref: 007A7845
                • Part of subcall function 007A7604: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,74DF22C0), ref: 007A7632
                • Part of subcall function 007A7604: SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 007A7676
                • Part of subcall function 007A7604: AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,007A77D9), ref: 007A769E
                • Part of subcall function 007A7604: LocalAlloc.KERNEL32(00000040,00000100), ref: 007A76AE
                • Part of subcall function 007A7604: InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 007A76B6
                • Part of subcall function 007A7604: LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,007A77D9), ref: 007A76D0
                • Part of subcall function 007A7604: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 007A76D7
                • Part of subcall function 007A7604: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 007A76E4
                • Part of subcall function 007A7604: SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 007A76EF
              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000), ref: 007A785B
              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 007A7869
                • Part of subcall function 007A770B: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 007A7739
                • Part of subcall function 007A770B: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 007A7776
                • Part of subcall function 007A770B: CloseHandle.KERNEL32(?), ref: 007A7790
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CreateInitialize$DescriptorSecurity$AllocAllocateErrorEventLastLocalNamedPipeProcessToken$AdjustCloseCurrentDaclEntriesHandleLookupOpenPrivilegePrivilegesSaclValue
              • String ID: SeSecurityPrivilege$SeSecurityPrivilege
              • API String ID: 2580897795-1340523147
              APIs
              • HttpOpenRequestW.WININET(?,GET,?,00000000,00000000,00000000,84600200,00000000), ref: 007A9E64
              • SetLastError.KERNEL32(00000490), ref: 007A9E75
              • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 007A9E91
              • SetLastError.KERNEL32(00000490), ref: 007A9EA0
              • InternetCloseHandle.WININET(00000000), ref: 007A9EA7
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorInternetLast$CloseHandleHttpOpenOptionRequest
              • String ID: GET$POST
              • API String ID: 4051435859-3192705859
              APIs
              • LoadLibraryA.KERNEL32(kernel32.dll,0000001C,00000000,?,007A79F7), ref: 007A7B8E
              • GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 007A7BA0
              • GetCurrentProcessId.KERNEL32(007A79F7,0000001C,00000000,?,007A79F7), ref: 007A7BBA
              • ProcessIdToSessionId.KERNEL32(00000000,?,007A79F7), ref: 007A7BC1
              • FreeLibrary.KERNEL32(00000000,?,007A79F7), ref: 007A7BDA
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: LibraryProcess$AddressCurrentFreeLoadProcSession
              • String ID: ProcessIdToSessionId$kernel32.dll
              • API String ID: 4183634105-3889420803
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_calloc_memcmp_memmove$_malloc
              • String ID:
              • API String ID: 4257371078-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_calloc_memcmp_memmove$_malloc
              • String ID:
              • API String ID: 4257371078-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc$_memset$__aulldiv_free_memcmp_memmove
              • String ID:
              • API String ID: 3316937673-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc$_memset$__aulldiv_free_memcmp_memmove
              • String ID:
              • API String ID: 3316937673-0
              APIs
              • _malloc.LIBCMT ref: 007A4288
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _free.LIBCMT ref: 007A435C
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AllocHeap_free_malloc
              • String ID:
              • API String ID: 2734353464-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLastStartup_memsetgethostbynamehtonsinet_addrinet_ntoasocket
              • String ID:
              • API String ID: 2917347708-0
              APIs
              • _close.MSVCRT ref: 00409376
              • SetStdHandle.KERNEL32(000000F4,000000FF), ref: 00409383
                • Part of subcall function 0040B2D0: WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000FFF,00000003,?,?,00409361,00000003,?,00000003,?,0040963D), ref: 0040B31F
              • _close.MSVCRT ref: 00409394
              • SetStdHandle.KERNEL32(000000F5,000000FF), ref: 004093A1
              • _close.MSVCRT ref: 004093B2
              • SetStdHandle.KERNEL32(000000F6,000000FF), ref: 004093BF
              • CloseHandle.KERNEL32(?,?,00000003,?,0040963D,00000000,-00000058,00000000,?,?,?,?,00000060), ref: 004093E7
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Handle$_close$CloseFileWrite
              • String ID:
              • API String ID: 1510869235-0
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: modf$_ftol
              • String ID: N
              • API String ID: 891573039-1130791706
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_malloc$_memcpy_s_memmove
              • String ID:
              • API String ID: 440554447-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_malloc$_memcpy_s_memmove
              • String ID:
              • API String ID: 440554447-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _calloc_memmove$__snprintf_s_free_malloc
              • String ID:
              • API String ID: 4059879588-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _calloc_memmove$__snprintf_s_free_malloc
              • String ID:
              • API String ID: 4059879588-0
              APIs
              • _malloc.LIBCMT ref: 007A7D62
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007A7D70
              • _memmove.LIBCMT ref: 007A7D8F
              • _memmove.LIBCMT ref: 007A7DA1
              • _memset.LIBCMT ref: 007A7DEF
              • _memset.LIBCMT ref: 007A7E67
              • _memset.LIBCMT ref: 007A7E71
                • Part of subcall function 007A9B4C: _wcsncpy.LIBCMT ref: 007A9B7E
                • Part of subcall function 007A9B4C: _wcsncpy.LIBCMT ref: 007A9B9B
                • Part of subcall function 007A9B4C: _memmove.LIBCMT ref: 007A9BB5
                • Part of subcall function 007A9B4C: _wcsncpy.LIBCMT ref: 007A9BD2
                • Part of subcall function 007A9B4C: _wcsncpy.LIBCMT ref: 007A9BEC
                • Part of subcall function 007A9B4C: _wcsncpy.LIBCMT ref: 007A9C06
                • Part of subcall function 007A9B4C: _wcscpy.LIBCMT ref: 007A9C1E
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memset$_memmove$AllocHeap_malloc_wcscpy
              • String ID:
              • API String ID: 3614846373-0
              APIs
              • _malloc.LIBCMT ref: 0041D162
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _memset.LIBCMT ref: 0041D170
              • _memmove.LIBCMT ref: 0041D18F
              • _memmove.LIBCMT ref: 0041D1A1
              • _memset.LIBCMT ref: 0041D1EF
              • _memset.LIBCMT ref: 0041D267
              • _memset.LIBCMT ref: 0041D271
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EF7E
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EF9B
                • Part of subcall function 0041EF4C: _memmove.LIBCMT ref: 0041EFB5
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EFD2
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EFEC
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041F006
                • Part of subcall function 0041EF4C: _wcscpy.LIBCMT ref: 0041F01E
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memset$_memmove$_malloc_wcscpy
              • String ID:
              • API String ID: 4227099964-0
              • Opcode ID: 68dff863b114ebd9f7b42138fba8ea38291efdf0ac9fe73a3f869149471d2349
              • Instruction ID: 26f6f865e77d6fe05a06e01f1a62a68e9af9aaa08a26e7263f0eaf5af7b09bb1
              • Opcode Fuzzy Hash: 68dff863b114ebd9f7b42138fba8ea38291efdf0ac9fe73a3f869149471d2349
              • Instruction Fuzzy Hash: E141B7B1A00214BBDB10DF5ADCC5FAB77A8EF44354F54405AFD14AB242D739E980CB68
              APIs
              • _malloc.LIBCMT ref: 0041D162
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _memset.LIBCMT ref: 0041D170
              • _memmove.LIBCMT ref: 0041D18F
              • _memmove.LIBCMT ref: 0041D1A1
              • _memset.LIBCMT ref: 0041D1EF
              • _memset.LIBCMT ref: 0041D267
              • _memset.LIBCMT ref: 0041D271
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EF7E
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EF9B
                • Part of subcall function 0041EF4C: _memmove.LIBCMT ref: 0041EFB5
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EFD2
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041EFEC
                • Part of subcall function 0041EF4C: _wcsncpy.LIBCMT ref: 0041F006
                • Part of subcall function 0041EF4C: _wcscpy.LIBCMT ref: 0041F01E
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memset$_memmove$_malloc_wcscpy
              • String ID:
              • API String ID: 4227099964-0
              • Opcode ID: 68dff863b114ebd9f7b42138fba8ea38291efdf0ac9fe73a3f869149471d2349
              • Instruction ID: 26f6f865e77d6fe05a06e01f1a62a68e9af9aaa08a26e7263f0eaf5af7b09bb1
              • Opcode Fuzzy Hash: 68dff863b114ebd9f7b42138fba8ea38291efdf0ac9fe73a3f869149471d2349
              • Instruction Fuzzy Hash: E141B7B1A00214BBDB10DF5ADCC5FAB77A8EF44354F54405AFD14AB242D739E980CB68
              APIs
              • socket.WSOCK32(00000001,00000000,00000000,?,?,?,01C9C380,00000000,00401682,?), ref: 0040661B
              • WSAGetLastError.WSOCK32(?,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00406636
              • WSAGetLastError.WSOCK32(?,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00406640
              • SetHandleInformation.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 0040665C
              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00406664
              • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002), ref: 0040667C
              • closesocket.WSOCK32(?,?,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 0040668C
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorHandleLast$CurrentDuplicateInformationProcessclosesocketsocket
              • String ID:
              • API String ID: 3376228477-0
              • Opcode ID: 2e28e6d1a58ea0a1196af54c03e98cebdb2b8dbc8325536359525752a2727246
              • Instruction ID: dc9d384bd9aef652eac403ddbbeb49409b88bc3a846a97a3ccc30e8094f320cf
              • Opcode Fuzzy Hash: 2e28e6d1a58ea0a1196af54c03e98cebdb2b8dbc8325536359525752a2727246
              • Instruction Fuzzy Hash: 49314DB5600204AFD710DF64DC85E67B7A9FF48324F21862AF945AB281C736EC50CBA8
              APIs
              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 007A65C8
              • _wcschr.LIBCMT ref: 007A65E0
              • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 007A65FE
              • GetComputerNameW.KERNEL32(?,?), ref: 007A660F
              • __snprintf_s.LIBCMT ref: 007A6639
                • Part of subcall function 007B2C53: __vsnwprintf_s_l.LIBCMT ref: 007B2C68
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ComputerDirectoryInformationNameSystemVolume__snprintf_s__vsnwprintf_s_l_wcschr
              • String ID: %04x-%04x:%s
              • API String ID: 3116242082-4041933335
              • Opcode ID: de9e25dcd9ba039ef241f7840fd4cef047be46a32356715de38114c9a9750c79
              • Instruction ID: 1e6136b44f67f235f0391012355248f1b891f716faba1fdd56eb9c3c929f11db
              • Opcode Fuzzy Hash: de9e25dcd9ba039ef241f7840fd4cef047be46a32356715de38114c9a9750c79
              • Instruction Fuzzy Hash: E61163B290011CBBDB10EB65DC8EDEF77BCEB96710F04456EF504D2151E6789E858A70
              APIs
                • Part of subcall function 007A6862: CreateRemoteThread.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000), ref: 007A6888
                • Part of subcall function 007A6862: GetLastError.KERNEL32(?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A6891
                • Part of subcall function 007A6862: GetModuleHandleA.KERNEL32(ntdll,RtlCreateUserThread,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000), ref: 007A68BA
                • Part of subcall function 007A6862: GetProcAddress.KERNEL32(00000000), ref: 007A68C1
                • Part of subcall function 007A6862: SetLastError.KERNEL32(00000000,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A68F8
                • Part of subcall function 007A6862: GetThreadId.KERNEL32(00000000,?,?,007A28E3,?,00100000,00000000,?,00000004,00000000,00000000,00000000,?,?,?,007A1DFF), ref: 007A6909
              • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 007A2919
              • Sleep.KERNEL32(000007D0,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?), ref: 007A2955
              • ResumeThread.KERNEL32(00000000,00000000,00000000,?,00000000,?,?), ref: 007A295C
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00000000,?,00000000,?,?), ref: 007A2967
              • CloseHandle.KERNEL32(00000000), ref: 007A2974
              • SetLastError.KERNEL32(00000000), ref: 007A297B
              • GetLastError.KERNEL32(00000000), ref: 007A2989
                • Part of subcall function 007A2993: _memset.LIBCMT ref: 007A29AC
                • Part of subcall function 007A2993: GetVersionExW.KERNEL32(00000114,?,?,00000000), ref: 007A29C5
                • Part of subcall function 007A2993: GetLastError.KERNEL32(?,?,00000000), ref: 007A29CF
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ErrorLast$Thread$Handle$AddressCloseCreateModuleProcRemoteResumeSleepVersion_memset
              • String ID:
              • API String ID: 1341253150-0
              • Opcode ID: c0113e528c7235ed3e493482b3a708e7c183b6b90d14d6f5f7dd702c7a7b7aff
              • Instruction ID: 2d55bc60a9e33c1f2b0a726c7d74564bf3873fec1eeb25a49ac5da7240509d10
              • Opcode Fuzzy Hash: c0113e528c7235ed3e493482b3a708e7c183b6b90d14d6f5f7dd702c7a7b7aff
              • Instruction Fuzzy Hash: B421F231800109FBCF115F54CC09ADF7B75EF86B60F108219FD0872152D7399AA2DB95
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memmove_wcscpy
              • String ID:
              • API String ID: 2086914641-0
              • Opcode ID: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction ID: 63935b8be327eba08068bff68d8b78542395076e19f4f71638e590ad379bc327
              • Opcode Fuzzy Hash: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction Fuzzy Hash: 0E219DB1500A0AEBDB219F74D809F86B3E8FB08314F048629E64A57581E779F1A5CBD5
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memmove_wcscpy
              • String ID:
              • API String ID: 2086914641-0
              • Opcode ID: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction ID: c33da789a01deccdf5d5e706da6115b679341db45af472284e0789d604cde906
              • Opcode Fuzzy Hash: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction Fuzzy Hash: FB21C7B1600B06BFCB119F65D805B82B3E8FB08308F00412AEA0D53681E379F0A6CB89
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _wcsncpy$_memmove_wcscpy
              • String ID:
              • API String ID: 2086914641-0
              • Opcode ID: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction ID: c33da789a01deccdf5d5e706da6115b679341db45af472284e0789d604cde906
              • Opcode Fuzzy Hash: e562fbe623909a4c0a364d380150625a5a63f802e6031f5ce03cc012f70aa93c
              • Instruction Fuzzy Hash: FB21C7B1600B06BFCB119F65D805B82B3E8FB08308F00412AEA0D53681E379F0A6CB89
              APIs
              • _memset.LIBCMT ref: 007A36F8
              • _memset.LIBCMT ref: 007A3725
              • _free.LIBCMT ref: 007A372C
              • _free.LIBCMT ref: 007A3735
              • _free.LIBCMT ref: 007A3700
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • _memset.LIBCMT ref: 007A3759
              • _free.LIBCMT ref: 007A375F
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_memset$ErrorFreeHeapLast
              • String ID:
              • API String ID: 622543930-0
              • Opcode ID: ca33c4156e3224decfb93cd0e3effd4b786cdfaa88e0b5e7f1845dc72d96bc6a
              • Instruction ID: 070c83e2852ffbf8dc954b1d2c5281f5a1aaa14c626c813ebd7f3b9620c9d8e2
              • Opcode Fuzzy Hash: ca33c4156e3224decfb93cd0e3effd4b786cdfaa88e0b5e7f1845dc72d96bc6a
              • Instruction Fuzzy Hash: 640192B3000600E7EA263A58CC4AB9AB7A5BFCA714F100729F148245B1DB6AB9A0D685
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_memset
              • String ID:
              • API String ID: 4237643672-0
              • Opcode ID: 172f5412d40c742a0436315131ee78bb28553443ce6c0e4d672c0d48a06cf52d
              • Instruction ID: 4949e5e280427d9c2903666b118ad7a011addbd700351a07de4adb0562bb69d9
              • Opcode Fuzzy Hash: 172f5412d40c742a0436315131ee78bb28553443ce6c0e4d672c0d48a06cf52d
              • Instruction Fuzzy Hash: 6701D272604A10B7DE223A1AEC02FD6BBA5EF44328F50051FF148205B1AF3AB9E1D64D
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_memset
              • String ID:
              • API String ID: 4237643672-0
              • Opcode ID: 172f5412d40c742a0436315131ee78bb28553443ce6c0e4d672c0d48a06cf52d
              • Instruction ID: 4949e5e280427d9c2903666b118ad7a011addbd700351a07de4adb0562bb69d9
              • Opcode Fuzzy Hash: 172f5412d40c742a0436315131ee78bb28553443ce6c0e4d672c0d48a06cf52d
              • Instruction Fuzzy Hash: 6701D272604A10B7DE223A1AEC02FD6BBA5EF44328F50051FF148205B1AF3AB9E1D64D
              APIs
              • __init_pointers.LIBCMT ref: 007B59BB
                • Part of subcall function 007B3E52: EncodePointer.KERNEL32(00000000,00000001,007B59C0,007B38C1,007C54B0,00000008,007B3A87,?,00000001,?,007C54D0,0000000C,007B3A26,?,00000001,?), ref: 007B3E55
                • Part of subcall function 007B3E52: __initp_misc_winsig.LIBCMT ref: 007B3E70
                • Part of subcall function 007B3E52: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 007B899C
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 007B89B0
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 007B89C3
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 007B89D6
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 007B89E9
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 007B89FC
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 007B8A0F
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 007B8A22
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 007B8A35
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 007B8A48
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 007B8A5B
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 007B8A6E
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 007B8A81
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 007B8A94
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 007B8AA7
                • Part of subcall function 007B3E52: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 007B8ABA
              • __mtinitlocks.LIBCMT ref: 007B59C0
              • __mtterm.LIBCMT ref: 007B59C9
                • Part of subcall function 007B5A31: DeleteCriticalSection.KERNEL32(?,?,?,?,007B398C,007B3972,007C54B0,00000008,007B3A87,?,00000001,?,007C54D0,0000000C,007B3A26,?), ref: 007B8FBF
                • Part of subcall function 007B5A31: _free.LIBCMT ref: 007B8FC6
                • Part of subcall function 007B5A31: DeleteCriticalSection.KERNEL32(007CA2B0,?,?,007B398C,007B3972,007C54B0,00000008,007B3A87,?,00000001,?,007C54D0,0000000C,007B3A26,?,00000001), ref: 007B8FE8
              • __calloc_crt.LIBCMT ref: 007B59EE
              • __initptd.LIBCMT ref: 007B5A10
              • GetCurrentThreadId.KERNEL32 ref: 007B5A17
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
              • String ID:
              • API String ID: 3567560977-0
              • Opcode ID: a9a069a2376cd85111fd15484d4fce9950231e59197347a0219623910204e667
              • Instruction ID: 4ee969f2d1d2291c13ecb0b9f202c0be01a0e108f967735156b5b51bc7b78300
              • Opcode Fuzzy Hash: a9a069a2376cd85111fd15484d4fce9950231e59197347a0219623910204e667
              • Instruction Fuzzy Hash: E9F0F032668B12DAE6A4B7743C0BBDA2B88DB01730B24872EF120E40D2EF3DD4018291
              APIs
              • VirtualQuery.KERNEL32(?,?,0000001C,?,Dz,007A4874,?,00000000,?,?,00000000,?,?,?,?,007A440D), ref: 007A47A1
              • VirtualProtect.KERNEL32(?,?,00000040,?,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47B3
              • WriteProcessMemory.KERNEL32(000000FF,?,?,00000005,?,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47C7
              • VirtualProtect.KERNEL32(?,?,?,00000000,?,Dz,007A4874,?,00000000,?,?,00000000), ref: 007A47DA
              • FlushInstructionCache.KERNEL32(000000FF,?,?,?,Dz,007A4874,?,00000000,?,?,00000000,?,?,?,?,007A440D), ref: 007A47E8
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Virtual$Protect$CacheFlushInstructionMemoryProcessQueryWrite
              • String ID: Dz
              • API String ID: 834688674-3546044514
              • Opcode ID: 5487b9a7a5c2bc5e324f6c01fa859e8afcb8b349fdf7b0e4703b98e3c7cdadb1
              • Instruction ID: 982a89d1b2c9f0ff686b49a3dcd36a942f4cd42779a2c5aa1a36f0f64dce1c8b
              • Opcode Fuzzy Hash: 5487b9a7a5c2bc5e324f6c01fa859e8afcb8b349fdf7b0e4703b98e3c7cdadb1
              • Instruction Fuzzy Hash: AEF0C97680010EFFDF019FD0DD0ADEEBB79FB09311F648264FB20A10A0D6369A619B65
              APIs
              • _ValidateScopeTableHandlers.LIBCMT ref: 007B4700
              • __FindPESection.LIBCMT ref: 007B471A
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: FindHandlersScopeSectionTableValidate
              • String ID:
              • API String ID: 876702719-0
              • Opcode ID: 6d5381271e393f8d8da9a6ee8ee4807c49fc1ad70c369892e1716e319cbce59a
              • Instruction ID: c534568ab96851632d7cac1f9a64e775bd0307396c7546a394ad45a432d4aad7
              • Opcode Fuzzy Hash: 6d5381271e393f8d8da9a6ee8ee4807c49fc1ad70c369892e1716e319cbce59a
              • Instruction Fuzzy Hash: 8EA1ADB1A006159FCF15CF58D885BEDB7A5FB4A324F258269D809E7392E739EC01CB90
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              • Opcode ID: 7d74390e3d3b14ebc962818e78149bba2cfd138009d6634f9452e01d8c2e597f
              • Instruction ID: 8efafb8f92787476819f9e95e274f14166ef85db160e837530451b0571b90e8c
              • Opcode Fuzzy Hash: 7d74390e3d3b14ebc962818e78149bba2cfd138009d6634f9452e01d8c2e597f
              • Instruction Fuzzy Hash: 02417971200B01BFD7219F25CD85EA6BBF4FF49710F044A29E99A86A61D735F860CB81
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmovehtonl$_free_malloc
              • String ID:
              • API String ID: 2068101931-0
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc
              • String ID:
              • API String ID: 1579825452-0
              APIs
              • __init_pointers.LIBCMT ref: 0042ADBB
                • Part of subcall function 00429252: __initp_misc_winsig.LIBCMT ref: 00429270
              • __mtinitlocks.LIBCMT ref: 0042ADC0
              • __mtterm.LIBCMT ref: 0042ADC9
                • Part of subcall function 0042AE31: _free.LIBCMT ref: 0042E3C6
              • __calloc_crt.LIBCMT ref: 0042ADEE
              • __initptd.LIBCMT ref: 0042AE10
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
              • String ID:
              • API String ID: 206718379-0
              APIs
              • __init_pointers.LIBCMT ref: 0042ADBB
                • Part of subcall function 00429252: __initp_misc_winsig.LIBCMT ref: 00429270
              • __mtinitlocks.LIBCMT ref: 0042ADC0
              • __mtterm.LIBCMT ref: 0042ADC9
                • Part of subcall function 0042AE31: _free.LIBCMT ref: 0042E3C6
              • __calloc_crt.LIBCMT ref: 0042ADEE
              • __initptd.LIBCMT ref: 0042AE10
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
              • String ID:
              • API String ID: 206718379-0
              APIs
                • Part of subcall function 00406A00: GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00406A0B
                • Part of subcall function 00406A00: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00406A24
              • printf.MSVCRT ref: 0040201A
              • printf.MSVCRT ref: 00402042
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Timeprintf$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: Send request failed!$Send request timed out!$IK
              • API String ID: 3625036506-1697100645
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memset$_free
              • String ID: <
              • API String ID: 2449463427-4251816714
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memset$_free
              • String ID: <
              • API String ID: 2449463427-4251816714
              APIs
              • _mbstowcs_s.LIBCMT ref: 0041E2A4
                • Part of subcall function 00425C67: __wcstombs_s_l.LIBCMT ref: 00425C7B
                • Part of subcall function 0041A478: __aulldiv.LIBCMT ref: 0041A4B0
              • _strncmp.LIBCMT ref: 0041E2BF
              • _strrchr.LIBCMT ref: 0041E2E6
              • _strrchr.LIBCMT ref: 0041E2FE
                • Part of subcall function 00428C06: __wcstoi64.LIBCMT ref: 00428C10
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _strrchr$__aulldiv__wcstoi64__wcstombs_s_l_mbstowcs_s_strncmp
              • String ID: 6
              • API String ID: 42907894-498629140
              APIs
              • _mbstowcs_s.LIBCMT ref: 0041E2A4
                • Part of subcall function 00425C67: __wcstombs_s_l.LIBCMT ref: 00425C7B
                • Part of subcall function 0041A478: __aulldiv.LIBCMT ref: 0041A4B0
              • _strncmp.LIBCMT ref: 0041E2BF
              • _strrchr.LIBCMT ref: 0041E2E6
              • _strrchr.LIBCMT ref: 0041E2FE
                • Part of subcall function 00428C06: __wcstoi64.LIBCMT ref: 00428C10
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _strrchr$__aulldiv__wcstoi64__wcstombs_s_l_mbstowcs_s_strncmp
              • String ID: 6
              • API String ID: 42907894-498629140
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memset$_free
              • String ID: <
              • API String ID: 2449463427-4251816714
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memset$_free
              • String ID: <
              • API String ID: 2449463427-4251816714
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memcmp$_free
              • String ID: b_z
              • API String ID: 446014804-971055077
              APIs
              • _malloc.LIBCMT ref: 007A9085
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _malloc.LIBCMT ref: 007A908E
              • _memset.LIBCMT ref: 007A90A9
              • _memset.LIBCMT ref: 007A90B3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc_memset$AllocHeap
              • String ID: q|z
              • API String ID: 222025311-2569565613
              APIs
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00010191,00010191,?,007A6328,00000000,?,?), ref: 007A67AF
              • GetLastError.KERNEL32(?,007A6328,00000000,?,?), ref: 007A67BC
              • WriteFile.KERNEL32(00000000,00000000,(cz,?,00000000,?,?,007A6328,00000000,?,?), ref: 007A67DB
              • CloseHandle.KERNEL32(00000000,?,?,007A6328,00000000,?,?), ref: 007A67F4
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: File$CloseCreateErrorHandleLastWrite
              • String ID: (cz
              • API String ID: 1150274393-924806668
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: exitfprintfprintf
              • String ID: %s: %s (%d)$Total of %d requests completed
              • API String ID: 330722453-2862413500
              APIs
              • _ValidateScopeTableHandlers.LIBCMT ref: 00429B00
              • __FindPESection.LIBCMT ref: 00429B1A
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: FindHandlersScopeSectionTableValidate
              • String ID:
              • API String ID: 876702719-0
              APIs
              • CreateFileW.KERNEL32(?,?,00000003,00000000,00000FFC,00000000,00000000,?), ref: 00409536
              • CreateFileA.KERNEL32(?,?,00000003,00000000,00000FFC,00000000,00000000,?,?,?,?,00404755,?,?,00000001,00000FFF), ref: 00409550
              • GetLastError.KERNEL32(?,?,?,00404755,?,?,00000001,00000FFF,?), ref: 00409567
              • GetLastError.KERNEL32(?,?,?,00404755,?,?,00000001,00000FFF,?), ref: 00409571
              • SetFilePointer.KERNEL32(?,00000000,00000000,00000002,?,?,?,00000060,?,?,?,00404755,?,?,00000001,00000FFF), ref: 004095E9
                • Part of subcall function 004096C0: GetFileInformationByHandle.KERNEL32(?,?,00000003,?,?,00000060,?,?,?,00404755,?,?,00000001,00000FFF,?), ref: 004096D9
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: File$CreateErrorLast$HandleInformationPointer
              • String ID:
              • API String ID: 3824182389-0
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: strchr
              • String ID: $(null)$0
              • API String ID: 2830005266-346035378
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc_memcmp_memcpy_s_memmove
              • String ID:
              • API String ID: 1750545951-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc_memcmp_memcpy_s_memmove
              • String ID:
              • API String ID: 1750545951-0
              • Opcode ID: 862fdced74fcfa9b150ad19952e106a65e543f2f3393a3992c377ce3ff19d723
              • Instruction ID: 5bb861b44804926c247cb63a54bdbfcaf9117260c081d68749fb3d7008b0dda7
              • Opcode Fuzzy Hash: 862fdced74fcfa9b150ad19952e106a65e543f2f3393a3992c377ce3ff19d723
              • Instruction Fuzzy Hash: 7B61D876E00219AFDB20DBA9CC85FDE7BB8EF18310F100066F905E7251D778D9859B69
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: _free$_malloc_memset
              • String ID:
              • API String ID: 2102557794-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              • API ID: _wcschr$__aulldiv__snprintf_s_calloc_wcsstr
              • String ID:
              • API String ID: 572502409-0
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408CFF
              • #21.WSOCK32(E8520041,0000FFFF,00001006,0040169A,00000004,00401686,00000000,000003E8,00000000,?,?,00000000,?,00401EDA,?,00000000), ref: 00408D1D
              • #21.WSOCK32(E8520041,0000FFFF,00001005,0040169A,00000004,?,?,00000000,?,00401EDA,?,00000000,00000000,00401686,00401682,00000000), ref: 00408D30
                • Part of subcall function 00408C20: ioctlsocket.WSOCK32(C0335E5F,8004667E,00401682,00000000,?,00408F28,?,?,?,?,?,004117F8,00000001,?,00000000), ref: 00408C38
                • Part of subcall function 00408C20: WSAGetLastError.WSOCK32(?,?,00408F28,?,?,?,?,?,004117F8,00000001,?,00000000,?,?,?,?), ref: 00408C4A
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@ioctlsocket
              • String ID:
              • API String ID: 272762528-0
              APIs
              • _malloc.LIBCMT ref: 007B01EC
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _free.LIBCMT ref: 007B01FF
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: AllocHeap_free_malloc
              • String ID:
              • API String ID: 2734353464-0
              APIs
              • WaitForSingleObject.KERNEL32(?,-00000001,?,?,00405756,?,00000000,00000000,00000001,?,?,00000000,?,?,00000000,00000001), ref: 0040A4C6
              • GetExitCodeProcess.KERNEL32(?,00000000), ref: 0040A4DB
              • CloseHandle.KERNEL32(?,?,00405756,?,00000000,00000000,00000001,?,?,00000000,?,?,00000000,00000001,?,?), ref: 0040A507
              • GetLastError.KERNEL32(?,00405756,?,00000000,00000000,00000001,?,?,00000000,?,?,00000000,00000001,?,?,?), ref: 0040A535
              • GetLastError.KERNEL32(?,00405756,?,00000000,00000000,00000001,?,?,00000000,?,?,00000000,00000001,?,?,?), ref: 0040A540
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLast$CloseCodeExitHandleObjectProcessSingleWait
              • String ID:
              • API String ID: 2245483553-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: _free_malloc_memset
              • String ID:
              • API String ID: 2338540524-0
              APIs
              • WriteProcessMemory.KERNEL32(000000FF,007A4599,?,00000005,?,?,?,007A46FA,?,00000000,?,007A4599,?,?), ref: 007A460C
              • VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 007A4627
              • VirtualProtect.KERNEL32(?,00000040,00000040,?,?,?), ref: 007A463F
              • VirtualProtect.KERNEL32(?,?,?,?,?,?), ref: 007A465C
              • FlushInstructionCache.KERNEL32(000000FF,?,?,?,?), ref: 007A4666
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: Virtual$Protect$CacheFlushInstructionMemoryProcessQueryWrite
              • String ID:
              • API String ID: 834688674-0
              APIs
              • __time64.LIBCMT ref: 007A5108
                • Part of subcall function 007B10E7: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,007A78EA,00000000,?,00000000,000000FF,?,00000000,000000FF,007C54A0,00000214,007A5723,?), ref: 007B10F0
                • Part of subcall function 007B10E7: __aulldiv.LIBCMT ref: 007B1110
              • _rand.LIBCMT ref: 007A5121
              • _rand.LIBCMT ref: 007A5135
              • _rand.LIBCMT ref: 007A5142
              • _rand.LIBCMT ref: 007A514F
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: _rand$Time$FileSystem__aulldiv__time64
              • String ID:
              • API String ID: 2467205089-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              • API ID: _rand$__aulldiv__time64
              • String ID:
              • API String ID: 31558152-0
              APIs
              • LeaveCriticalSection.KERNEL32(-0000000C,00000000,?,0040511A,00000000,?,00405F64), ref: 0040A352
              • SetEvent.KERNEL32(?,00000000,?,0040511A,00000000,?,00405F64), ref: 0040A368
              • GetLastError.KERNEL32(?,0040511A,00000000,?,00405F64), ref: 0040A389
              • GetLastError.KERNEL32(?,0040511A,00000000,?,00405F64), ref: 0040A38F
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: ErrorLast$CriticalEventLeaveSection
              • String ID:
              • API String ID: 3480337489-0
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              • API ID: _malloc$_free_memset
              • String ID: YYj
              • API String ID: 1978200242-1513267830
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • API ID: Alloc
              • String ID: apr_initialize
              • API String ID: 2773662609-1647172449
              APIs
                • Part of subcall function 007AA109: WaitForSingleObject.KERNEL32(?,000000FF,?,007A4A00,00000001,00000000,?,007A49E4,00000000,00000000,007A6503,00000000,00000000,007A798B), ref: 007AA117
              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 007A7EB3
              • GetLastError.KERNEL32 ref: 007A7EC4
              • Sleep.KERNEL32(?), ref: 007A7EE5
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: ErrorLastNamedObjectPeekPipeSingleSleepWait
              • String ID:
              • API String ID: 52212926-3916222277
              APIs
                • Part of subcall function 007A5C90: CryptDestroyKey.ADVAPI32(?,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CA7
                • Part of subcall function 007A5C90: CryptReleaseContext.ADVAPI32(75BFBD50,00000000,H{z,?,007A61B1,H{z,75BFBD50,?,007A7B48,00000000), ref: 007A5CB9
                • Part of subcall function 007A5C90: _free.LIBCMT ref: 007A5CC2
                • Part of subcall function 007A5F93: _free.LIBCMT ref: 007A5FA2
              • _free.LIBCMT ref: 007A61D6
              • _memset.LIBCMT ref: 007A61E0
              • _free.LIBCMT ref: 007A61E6
                • Part of subcall function 007AA0E5: CloseHandle.KERNEL32(00000000,00000000,?,007A617A,00000000,00000000,007A7905), ref: 007AA0F9
                • Part of subcall function 007AA0E5: _free.LIBCMT ref: 007AA100
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: _free$Crypt$CloseContextDestroyHandleRelease_memset
              • String ID: H{z
              • API String ID: 2606882113-4258479477
              APIs
              • LoadLibraryA.KERNEL32(advapi32.dll,?,007A76CC,00000000,00000004,00000004,00000000,007A77D9), ref: 007A72B5
              • GetProcAddress.KERNEL32(00000000,AddMandatoryAce), ref: 007A72C5
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • API ID: AddressLibraryLoadProc
              • String ID: AddMandatoryAce$advapi32.dll
              • API String ID: 2574300362-673174713
              • Opcode ID: 67fc007e863e6cb2c579f167d5e47f797edee0bafff2b5f49dd762cd78c4f351
              • Instruction ID: 640f02ba8e92edeb78b9b1b3e1d3b75219c82bfab3e0c7dad0e9a98ca0b3b81b
              • Opcode Fuzzy Hash: 67fc007e863e6cb2c579f167d5e47f797edee0bafff2b5f49dd762cd78c4f351
              • Instruction Fuzzy Hash: 01F0303220420DBBDB059FA1DD48F9A3BB9BB45346F80C02CBA05919B1C77DC5A0DF59
              APIs
              • GetSystemTime.KERNEL32(?,?,?,?,?,?,007A7926), ref: 007A5082
              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,007A7926), ref: 007A5090
              • __aulldiv.LIBCMT ref: 007A50B0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Time$System$File__aulldiv
              • String ID: &yz
              • API String ID: 1459046340-2376907229
              • Opcode ID: d0c3cef5ae7e4437892a72130776eb4830ac4c12d244d8096c6e4619d4951f9a
              • Instruction ID: dc9132dc25fb1c4165f2011d4f4ea81bf618f74829f4c9f89de4e3489247d48e
              • Opcode Fuzzy Hash: d0c3cef5ae7e4437892a72130776eb4830ac4c12d244d8096c6e4619d4951f9a
              • Instruction Fuzzy Hash: C0E04F7590020DABCF00EFE4DC8AFEFBB7CEB04605F440565BA01E3242EA38E6018B94
              APIs
              • LoadLibraryA.KERNEL32(kernel32.dll,007A78E4,?,00000000,000000FF,?,00000000,000000FF,007C54A0,00000214,007A5723,?,00000001,?,?), ref: 007AA327
              • GetProcAddress.KERNEL32(00000000,SetThreadErrorMode), ref: 007AA333
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: SetThreadErrorMode$kernel32.dll
              • API String ID: 2574300362-2080226504
              • Opcode ID: ee704624fe08420e3dd5b5f949fdf967c8f231e57f14bd0f4164623700f013db
              • Instruction ID: 59fba7fbc1c1b8cd48ceadb69122f114d5745e82757fc4dc00258721d94ca82d
              • Opcode Fuzzy Hash: ee704624fe08420e3dd5b5f949fdf967c8f231e57f14bd0f4164623700f013db
              • Instruction Fuzzy Hash: E4C04CB0780309BBEA5017E15C4EF5537146B41B42F54815C7351D50D5DA9CD280C629
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: strchr
              • String ID: %s: illegal option -- %c$%s: option requires an argument -- %c$L@A
              • API String ID: 2830005266-2383883331
              • Opcode ID: 68e61d586053f3f519a33f76ec617db903629e73843b58cfe012af560ca78f33
              • Instruction ID: 86489de3422707152579c998a1953a83942581348926bb9a2000340e45114fa6
              • Opcode Fuzzy Hash: 68e61d586053f3f519a33f76ec617db903629e73843b58cfe012af560ca78f33
              • Instruction Fuzzy Hash: CB515875204B858FD721CF28D480AA3BBF5FF49310B14896EE8D69B791D378E845CB64
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_malloc_memset
              • String ID:
              • API String ID: 2102557794-0
              • Opcode ID: 70ab21c43072e11d056dbe03d97873b0270650d08316fce040445d50e31a6f00
              • Instruction ID: 54f24a1d5d34cf81fcdde54d2b6134803a677f0f255fe96187e3cfd7c622627e
              • Opcode Fuzzy Hash: 70ab21c43072e11d056dbe03d97873b0270650d08316fce040445d50e31a6f00
              • Instruction Fuzzy Hash: 3441B1B1A00209AFDF219F91CC81DFF7BBAEF84314B10402EF90952211DB3999919B9A
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$_malloc_memset
              • String ID:
              • API String ID: 2102557794-0
              • Opcode ID: 70ab21c43072e11d056dbe03d97873b0270650d08316fce040445d50e31a6f00
              • Instruction ID: 54f24a1d5d34cf81fcdde54d2b6134803a677f0f255fe96187e3cfd7c622627e
              • Opcode Fuzzy Hash: 70ab21c43072e11d056dbe03d97873b0270650d08316fce040445d50e31a6f00
              • Instruction Fuzzy Hash: 3441B1B1A00209AFDF219F91CC81DFF7BBAEF84314B10402EF90952211DB3999919B9A
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: malloc$reallocwcslen
              • String ID:
              • API String ID: 2087320793-0
              • Opcode ID: a2f947ee24586d8d02409f3295417eea3e928b31774d6d1a6aa9f1146132840b
              • Instruction ID: 6b0556560ab20689db0b944b12a49dc93c23505709d06557d790d107311945c6
              • Opcode Fuzzy Hash: a2f947ee24586d8d02409f3295417eea3e928b31774d6d1a6aa9f1146132840b
              • Instruction Fuzzy Hash: 8D412875A0020AAFCB10CFADD984A9EBBB4FF48314F14857AE849E7340D6359A24CB95
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __write$__getbuf__getptd_noexit__lseeki64
              • String ID:
              • API String ID: 4182129353-0
              • Opcode ID: 112c581e1e5e5e4ceeec1f2b95c801a68ffe52cdd5084c2f020e6113c17a1a09
              • Instruction ID: bcfafa77dc03b75c6877f93b17699d6b3446942c22d6cb889a669511949fbb93
              • Opcode Fuzzy Hash: 112c581e1e5e5e4ceeec1f2b95c801a68ffe52cdd5084c2f020e6113c17a1a09
              • Instruction Fuzzy Hash: DF41B471500705DFD7249F6CC855BBAB7E4AF41320F14822DE8A68B6D1E77CD9808B91
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __write$__getbuf__getptd_noexit__lseeki64
              • String ID:
              • API String ID: 4182129353-0
              • Opcode ID: 95cb0ede7303aa81efe432b366aa6b8524aa257b8c28538cc28e6a231143b0a3
              • Instruction ID: e51d84aafad35c09c56f3de5af85f6384c38efec0ecdf6af53c23896d2b838c6
              • Opcode Fuzzy Hash: 95cb0ede7303aa81efe432b366aa6b8524aa257b8c28538cc28e6a231143b0a3
              • Instruction Fuzzy Hash: DC410671500B019FD3289F69C451B2BB3A4AF59364F14922FE8A68B791E77C98408B59
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __write$__getbuf__getptd_noexit__lseeki64
              • String ID:
              • API String ID: 4182129353-0
              • Opcode ID: 95cb0ede7303aa81efe432b366aa6b8524aa257b8c28538cc28e6a231143b0a3
              • Instruction ID: e51d84aafad35c09c56f3de5af85f6384c38efec0ecdf6af53c23896d2b838c6
              • Opcode Fuzzy Hash: 95cb0ede7303aa81efe432b366aa6b8524aa257b8c28538cc28e6a231143b0a3
              • Instruction Fuzzy Hash: DC410671500B019FD3289F69C451B2BB3A4AF59364F14922FE8A68B791E77C98408B59
              APIs
              • _malloc.LIBCMT ref: 00419688
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _free.LIBCMT ref: 0041975C
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc
              • String ID:
              • API String ID: 845055658-0
              • Opcode ID: bdb5ac8313096eef45708a5c76a35f592dec02f7d45160f183b051d05b214746
              • Instruction ID: 0c3af16fb4b6940bc06849ec69689ab4fc3e492de8d56d6dbd719cdb474381da
              • Opcode Fuzzy Hash: bdb5ac8313096eef45708a5c76a35f592dec02f7d45160f183b051d05b214746
              • Instruction Fuzzy Hash: 0731B8B5A10229EFDB00DF68DC90A9A7BA8FF48354B21415BF809A7311E774ED91CBD4
              APIs
              • _malloc.LIBCMT ref: 00419688
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _free.LIBCMT ref: 0041975C
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc
              • String ID:
              • API String ID: 845055658-0
              • Opcode ID: bdb5ac8313096eef45708a5c76a35f592dec02f7d45160f183b051d05b214746
              • Instruction ID: 0c3af16fb4b6940bc06849ec69689ab4fc3e492de8d56d6dbd719cdb474381da
              • Opcode Fuzzy Hash: bdb5ac8313096eef45708a5c76a35f592dec02f7d45160f183b051d05b214746
              • Instruction Fuzzy Hash: 0731B8B5A10229EFDB00DF68DC90A9A7BA8FF48354B21415BF809A7311E774ED91CBD4
              APIs
              • GetFileInformationByHandle.KERNEL32(?,?,?,00000000,?,?,0040479D,?,0073B170,?,?,?,00000001,00000FFF,?), ref: 0040A108
              • GetLastError.KERNEL32(?,?,0040479D,?,0073B170,?,?,?,00000001,00000FFF,?), ref: 0040A118
              • GetLastError.KERNEL32(?,?,0040479D,?,0073B170,?,?,?,00000001,00000FFF,?), ref: 0040A122
                • Part of subcall function 0040B2D0: WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000FFF,00000003,?,?,00409361,00000003,?,00000003,?,0040963D), ref: 0040B31F
                • Part of subcall function 00409F20: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00409F73
                • Part of subcall function 00409F20: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00409FCC
                • Part of subcall function 00409F20: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040A021
              • GetFileType.KERNEL32(?,?,?,?,?,?,?,0040479D,?,0073B170,?,?,?,00000001,00000FFF,?), ref: 0040A153
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: FileUnothrow_t@std@@@__ehfuncinfo$??2@$ErrorLast$HandleInformationTypeWrite
              • String ID:
              • API String ID: 2068948226-0
              • Opcode ID: fd324acca58732b605e6225f0af0dfff3ac82db7da90865dc66c3246031b9d48
              • Instruction ID: 55e53a244403b5028978291197fd620d83c031189daad877d11ab0d53d2a8617
              • Opcode Fuzzy Hash: fd324acca58732b605e6225f0af0dfff3ac82db7da90865dc66c3246031b9d48
              • Instruction Fuzzy Hash: D0318175600605ABD724DF69D841E6BB7E8EF48310F00862FE859E7780D734E821CB96
              APIs
              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 007BCA98
              • __isleadbyte_l.LIBCMT ref: 007BCAC6
              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 007BCAF4
              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 007BCB2A
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
              • String ID:
              • API String ID: 3058430110-0
              • Opcode ID: 76437903423427e52597de84ad0e06c82f8b219540f09d31a1ced880f7ac9ed9
              • Instruction ID: b4d37c381a806980bd52b63c5bce1dd6a5ba1e73d0d807d6abf3685929d56130
              • Opcode Fuzzy Hash: 76437903423427e52597de84ad0e06c82f8b219540f09d31a1ced880f7ac9ed9
              • Instruction Fuzzy Hash: 6A31CE7060420AAFDB22CE75C84ABEB7BA5BF41310F15C529E8648B1A0E7389850DB90
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: wcscpy
              • String ID: \\?\$\\?\UNC\
              • API String ID: 1284135714-3019864461
              • Opcode ID: 7bf9b479ae0f506667554455648a6364a1984731e0c02fe96add7b1c2cf7a454
              • Instruction ID: 2dadba5cac1b4e5ad7f7dc0767d6ba69e4db7974cd5dfc810b5d90e8ca36303b
              • Opcode Fuzzy Hash: 7bf9b479ae0f506667554455648a6364a1984731e0c02fe96add7b1c2cf7a454
              • Instruction Fuzzy Hash: 7521B43550120967DB208E28DC857EB3768EF49364F48497FEC68A67C3D239CD868B69
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmove$_free_malloc
              • String ID:
              • API String ID: 2856543016-0
              • Opcode ID: 4556bd1370f0ce584ba02db054b3bebeccf266fc07f55572d79384ce40e2d766
              • Instruction ID: bcdba62a23be70aa933fff59fc9488b18f7187670da5c5d7d677bc814eed066e
              • Opcode Fuzzy Hash: 4556bd1370f0ce584ba02db054b3bebeccf266fc07f55572d79384ce40e2d766
              • Instruction Fuzzy Hash: 382171B6D00219ABCF10DF99DC85ADBBBB8EF94314B15445EF904A7300EA35AA118BE4
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memmove$_free_malloc
              • String ID:
              • API String ID: 2856543016-0
              • Opcode ID: 4556bd1370f0ce584ba02db054b3bebeccf266fc07f55572d79384ce40e2d766
              • Instruction ID: bcdba62a23be70aa933fff59fc9488b18f7187670da5c5d7d677bc814eed066e
              • Opcode Fuzzy Hash: 4556bd1370f0ce584ba02db054b3bebeccf266fc07f55572d79384ce40e2d766
              • Instruction Fuzzy Hash: 382171B6D00219ABCF10DF99DC85ADBBBB8EF94314B15445EF904A7300EA35AA118BE4
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memcmp$_free
              • String ID:
              • API String ID: 446014804-0
              • Opcode ID: 58e8f76fefb9340c77c86824ac4f1345bdac18f4a2b79478e96dd0f641f6a5be
              • Instruction ID: 89252656e27bbd005d544744429fc3ffc9a5a7ce26ec00f51acd7c5c727755aa
              • Opcode Fuzzy Hash: 58e8f76fefb9340c77c86824ac4f1345bdac18f4a2b79478e96dd0f641f6a5be
              • Instruction Fuzzy Hash: 6221B3B1600702ABC720DF15E840B92B7B5EF18320B64452AE80597753D738F8E0CBE9
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memcmp$_free
              • String ID:
              • API String ID: 446014804-0
              • Opcode ID: 58e8f76fefb9340c77c86824ac4f1345bdac18f4a2b79478e96dd0f641f6a5be
              • Instruction ID: 89252656e27bbd005d544744429fc3ffc9a5a7ce26ec00f51acd7c5c727755aa
              • Opcode Fuzzy Hash: 58e8f76fefb9340c77c86824ac4f1345bdac18f4a2b79478e96dd0f641f6a5be
              • Instruction Fuzzy Hash: 6221B3B1600702ABC720DF15E840B92B7B5EF18320B64452AE80597753D738F8E0CBE9
              APIs
              • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,?,00000000), ref: 007A93A4
              • WinHttpQueryOption.WINHTTP(?,0000004E,?,?), ref: 007A93F2
              • CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 007A940F
              • _memcmp.LIBCMT ref: 007A9421
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: HttpQuery$CertCertificateContextHeadersOptionProperty_memcmp
              • String ID:
              • API String ID: 2937751893-0
              • Opcode ID: 4644583915b96ea1e474f3a672c09f25e82d85dcdc9280c42905560191cef3c6
              • Instruction ID: cc6bb76a7c73cadc3cad8b8bd9fc53e5d554d71d8a06f49f38c1cf4d165dbec8
              • Opcode Fuzzy Hash: 4644583915b96ea1e474f3a672c09f25e82d85dcdc9280c42905560191cef3c6
              • Instruction Fuzzy Hash: D5213071A0024CEADF208B96DC44EEFBBBCEB85354F508266EA04E6190D7789A55CB60
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc$_free_memmove_memset
              • String ID:
              • API String ID: 3821639056-0
              • Opcode ID: 65272ed0582c82138469b6afd34a66f0ce995f073ae538a04b398df8ceacc816
              • Instruction ID: 5873f0be5f7e96e3bd3dbeefeb0bc46ebf6d0f14cd4138b4f940438a8bf37a1c
              • Opcode Fuzzy Hash: 65272ed0582c82138469b6afd34a66f0ce995f073ae538a04b398df8ceacc816
              • Instruction Fuzzy Hash: 86112672600306DFDB209F45DC81B6AB3E8EF82754F24053DF58586241EA79E950C760
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc$_free_memmove_memset
              • String ID:
              • API String ID: 3821639056-0
              • Opcode ID: 90a789b2d4be4341b3456d79e6b8e585f42d87e717cd5e224c6a37d9ea8fb917
              • Instruction ID: f55892b90b6f69854ea92aef53d383aaf0a7ac96b0772db51b5546233a41935f
              • Opcode Fuzzy Hash: 90a789b2d4be4341b3456d79e6b8e585f42d87e717cd5e224c6a37d9ea8fb917
              • Instruction Fuzzy Hash: 4E110C766007029FD7209F05EC81BA7B7E4EF80754F34443FE49482691E738E890C718
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc$_free_memmove_memset
              • String ID:
              • API String ID: 3821639056-0
              • Opcode ID: 90a789b2d4be4341b3456d79e6b8e585f42d87e717cd5e224c6a37d9ea8fb917
              • Instruction ID: f55892b90b6f69854ea92aef53d383aaf0a7ac96b0772db51b5546233a41935f
              • Opcode Fuzzy Hash: 90a789b2d4be4341b3456d79e6b8e585f42d87e717cd5e224c6a37d9ea8fb917
              • Instruction Fuzzy Hash: 4E110C766007029FD7209F05EC81BA7B7E4EF80754F34443FE49482691E738E890C718
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc_memset
              • String ID:
              • API String ID: 2338540524-0
              • Opcode ID: 57472920f5860446db917b7f0a4a1864544099604777fec64e7218911f27924f
              • Instruction ID: 7f4bf9bad80ba2a4262750e16e7cb75e713ee03960a2443199670f398e391c92
              • Opcode Fuzzy Hash: 57472920f5860446db917b7f0a4a1864544099604777fec64e7218911f27924f
              • Instruction Fuzzy Hash: E0010431644711ABD7209F66AC41BDB7BE4DF00764F00043FF615CA282E774E44B4799
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free_malloc_memset
              • String ID:
              • API String ID: 2338540524-0
              • Opcode ID: 57472920f5860446db917b7f0a4a1864544099604777fec64e7218911f27924f
              • Instruction ID: 7f4bf9bad80ba2a4262750e16e7cb75e713ee03960a2443199670f398e391c92
              • Opcode Fuzzy Hash: 57472920f5860446db917b7f0a4a1864544099604777fec64e7218911f27924f
              • Instruction Fuzzy Hash: E0010431644711ABD7209F66AC41BDB7BE4DF00764F00043FF615CA282E774E44B4799
              APIs
              • _malloc.LIBCMT ref: 0041E485
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _malloc.LIBCMT ref: 0041E48E
              • _memset.LIBCMT ref: 0041E4A9
              • _memset.LIBCMT ref: 0041E4B3
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc_memset
              • String ID:
              • API String ID: 4137368368-0
              • Opcode ID: 26fb1d49f763a7c06791f01a879982d822eecb872272110b27f2d943730b21e7
              • Instruction ID: 7bced31ade0d7ea3259e022aab6ef8e87926719c3e0c45cf56285a5d6ab9ecd9
              • Opcode Fuzzy Hash: 26fb1d49f763a7c06791f01a879982d822eecb872272110b27f2d943730b21e7
              • Instruction Fuzzy Hash: A1117CB0201B409FE360DF26D441B46BBE4FF44790F80452EE68A9BB85D7BAB1418B48
              APIs
              • _malloc.LIBCMT ref: 0041E485
                • Part of subcall function 00424BC0: __FF_MSGBANNER.LIBCMT ref: 00424BD7
                • Part of subcall function 00424BC0: __NMSG_WRITE.LIBCMT ref: 00424BDE
              • _malloc.LIBCMT ref: 0041E48E
              • _memset.LIBCMT ref: 0041E4A9
              • _memset.LIBCMT ref: 0041E4B3
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _malloc_memset
              • String ID:
              • API String ID: 4137368368-0
              • Opcode ID: 26fb1d49f763a7c06791f01a879982d822eecb872272110b27f2d943730b21e7
              • Instruction ID: 7bced31ade0d7ea3259e022aab6ef8e87926719c3e0c45cf56285a5d6ab9ecd9
              • Opcode Fuzzy Hash: 26fb1d49f763a7c06791f01a879982d822eecb872272110b27f2d943730b21e7
              • Instruction Fuzzy Hash: A1117CB0201B409FE360DF26D441B46BBE4FF44790F80452EE68A9BB85D7BAB1418B48
              APIs
              • _strrchr.LIBCMT ref: 007A4374
              • VirtualAlloc.KERNEL32(00000000,00000180,00001000,00000040), ref: 007A4390
              • LoadLibraryA.KERNEL32 ref: 007A43FA
              • VirtualFree.KERNEL32(00000000), ref: 007A441C
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: Virtual$AllocFreeLibraryLoad_strrchr
              • String ID:
              • API String ID: 3090839149-0
              • Opcode ID: a6290fb95b621c79f7f07009d22030712fde2d6fdc95b2900f68340e5c35bc5f
              • Instruction ID: 06d95a37ca00cbf987b129a5abd5d19ddb68437cdb341fad7d2e453cfa323ba0
              • Opcode Fuzzy Hash: a6290fb95b621c79f7f07009d22030712fde2d6fdc95b2900f68340e5c35bc5f
              • Instruction Fuzzy Hash: 0F115231A02208BFD7116F54DE0AF993B94EF45357F10C029F644A65A2DEBED840CF49
              APIs
              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 007AA473
              • _calloc.LIBCMT ref: 007AA487
              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 007AA4A5
              • _free.LIBCMT ref: 007AA4B0
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ByteCharMultiWide$_calloc_free
              • String ID:
              • API String ID: 214096796-0
              • Opcode ID: 75f462bf76f2236a69aeaaa2a9999f88a7be56a7ac323a8ef004206e7d5b6576
              • Instruction ID: a8edb8c276917bb0b0845b7f30dc318fdcc33356a0f398d0289e28446e00a441
              • Opcode Fuzzy Hash: 75f462bf76f2236a69aeaaa2a9999f88a7be56a7ac323a8ef004206e7d5b6576
              • Instruction Fuzzy Hash: BFF090B620972A7FB72029F85C49DB72A8DDB0A7B17148735BE14D51C1EAA9CC4082F1
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
              • String ID:
              • API String ID: 3016257755-0
              • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction ID: b4294cf63070dfae5e8801af2c10e04a8f6b78f0762de67ecac76001d544d302
              • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction Fuzzy Hash: 32014C3240414AFFCF165E84EC05DEE3F22BB19394F588525FA1898131D63ADAB1EB82
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
              • String ID:
              • API String ID: 3016257755-0
              • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction ID: b92336905337b9047edf72b274cab917eb8cf864e072bc1b4f52e6d40487c4d4
              • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction Fuzzy Hash: BA01833254019DFBCF129E84EC818EE3F36BB18344B948816FE1854131C73ACA71AB89
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
              • String ID:
              • API String ID: 3016257755-0
              • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction ID: b92336905337b9047edf72b274cab917eb8cf864e072bc1b4f52e6d40487c4d4
              • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
              • Instruction Fuzzy Hash: BA01833254019DFBCF129E84EC818EE3F36BB18344B948816FE1854131C73ACA71AB89
              APIs
              • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,00000000,000000FF,00000000,00000000), ref: 007AA411
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: ByteCharMultiWide
              • String ID:
              • API String ID: 626452242-0
              • Opcode ID: dfffba91cc55c89b6c8d0e9fecb15aab82d611cc24adc8716bcef7f8860d4387
              • Instruction ID: 1d24f638540ac6f93218398d0e8b68f671b6c38ae735cc96a620b2e107579730
              • Opcode Fuzzy Hash: dfffba91cc55c89b6c8d0e9fecb15aab82d611cc24adc8716bcef7f8860d4387
              • Instruction Fuzzy Hash: BBF0F63234562A7AFB3029A86C4AFA6774C9B46BB5F208325FF14A81C1DAD88C0083D5
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __close__flush__freebuf__getptd_noexit
              • String ID:
              • API String ID: 3959483535-0
              • Opcode ID: b6811ef1246f4baaad9cae60b04a41c31b9489c830a52688bb9a6237b8cea2e8
              • Instruction ID: ae799b4b7179e104755e0fe43cebc43e6527b24ddb48a1d56bf84e4327208933
              • Opcode Fuzzy Hash: b6811ef1246f4baaad9cae60b04a41c31b9489c830a52688bb9a6237b8cea2e8
              • Instruction Fuzzy Hash: 0AF0F432600F206ACA212A269C0275B369A4F49338F14561BE960821C1DB7CA8054B9D
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: __close__flush__freebuf__getptd_noexit
              • String ID:
              • API String ID: 3959483535-0
              • Opcode ID: b6811ef1246f4baaad9cae60b04a41c31b9489c830a52688bb9a6237b8cea2e8
              • Instruction ID: ae799b4b7179e104755e0fe43cebc43e6527b24ddb48a1d56bf84e4327208933
              • Opcode Fuzzy Hash: b6811ef1246f4baaad9cae60b04a41c31b9489c830a52688bb9a6237b8cea2e8
              • Instruction Fuzzy Hash: 0AF0F432600F206ACA212A269C0275B369A4F49338F14561BE960821C1DB7CA8054B9D
              APIs
              • _malloc.LIBCMT ref: 007A35D0
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007A35E1
              • htonl.WS2_32(00000008), ref: 007A35EB
              • htonl.WS2_32(?), ref: 007A35F7
                • Part of subcall function 007A381F: htonl.WS2_32(?), ref: 007A3825
                • Part of subcall function 007A36DF: _memset.LIBCMT ref: 007A36F8
                • Part of subcall function 007A36DF: _free.LIBCMT ref: 007A3700
                • Part of subcall function 007A36DF: _memset.LIBCMT ref: 007A3759
                • Part of subcall function 007A36DF: _free.LIBCMT ref: 007A375F
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _memsethtonl$_free$AllocHeap_malloc
              • String ID:
              • API String ID: 2807028738-0
              • Opcode ID: 88a02ccd8d7a5d381fd4188ebb3efe55d5ffce00ab45139820bbee21bd60b865
              • Instruction ID: 4d907d8480d3331845d965018eaf9aaebf7dd313577185a7968cab14fb513529
              • Opcode Fuzzy Hash: 88a02ccd8d7a5d381fd4188ebb3efe55d5ffce00ab45139820bbee21bd60b865
              • Instruction Fuzzy Hash: 7EF0213A600305B7D7012F75DC05F2A3B65FBC6761F008129F5088D682DB7DD2108695
              APIs
              • EnterCriticalSection.KERNEL32(-0000000C,?,004050F6,00000000,?,00405F64), ref: 0040A2E1
              • WaitForSingleObject.KERNEL32(?,000000FF,?,004050F6,00000000,?,00405F64), ref: 0040A2F3
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2890587315.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890610578.000000000040C000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890623430.000000000040D000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890635117.0000000000415000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CriticalEnterObjectSectionSingleWait
              • String ID:
              • API String ID: 2738528119-0
              • Opcode ID: 64e0efb6b7f1499b4de49b542760b7db0ffbc1b6b0151710c55ba0cf1d3ccb14
              • Instruction ID: e0b5725a8b812971fe7894d7977686bd4d10914995574b9a4bb5392b8b568aad
              • Opcode Fuzzy Hash: 64e0efb6b7f1499b4de49b542760b7db0ffbc1b6b0151710c55ba0cf1d3ccb14
              • Instruction Fuzzy Hash: EDF0547260021997DB10D7E4ED44AA7775CDB603717048277E608E73D0D635D8A0C6AD
              APIs
              • CloseHandle.KERNEL32(89C03359,00000000,?,007A74CF,?), ref: 007A7242
              • CloseHandle.KERNEL32(0F078900,00000000,?,007A74CF,?), ref: 007A726E
              • _free.LIBCMT ref: 007A7283
              • _free.LIBCMT ref: 007A7291
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CloseHandle_free
              • String ID:
              • API String ID: 3521661170-0
              • Opcode ID: 78f2715d4be6805d9b417716222f209623b31de6a8f9438856af31665063ccc1
              • Instruction ID: b4c0c1a156b14269f3601aeb7d3721a9c5962b7ddcbb2585f784563395146127
              • Opcode Fuzzy Hash: 78f2715d4be6805d9b417716222f209623b31de6a8f9438856af31665063ccc1
              • Instruction Fuzzy Hash: 03018132504B049BD6395B75DC0EB9673F8BF46722F540B1DF0AA950D0D778F884CA84
              APIs
                • Part of subcall function 007AA109: WaitForSingleObject.KERNEL32(?,000000FF,?,007A4A00,00000001,00000000,?,007A49E4,00000000,00000000,007A6503,00000000,00000000,007A798B), ref: 007AA117
              • CloseHandle.KERNEL32(?), ref: 007A7169
              • CloseHandle.KERNEL32(?), ref: 007A716E
              • CloseHandle.KERNEL32(?), ref: 007A7173
              • _free.LIBCMT ref: 007A7181
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CloseHandle$ErrorFreeHeapLastObjectSingleWait_free
              • String ID:
              • API String ID: 2311913730-0
              • Opcode ID: 7322b173293472c052565c2e00193943afbc6f13f9a45ff6c9f21d366de58db3
              • Instruction ID: 00ec5163f0c03e02a5a64be92df33ef4d244e3fa43fbc0d958e0dc372f25b4f2
              • Opcode Fuzzy Hash: 7322b173293472c052565c2e00193943afbc6f13f9a45ff6c9f21d366de58db3
              • Instruction Fuzzy Hash: 39F0FF32204509FBD7196B76EC0A996BBA5FF86361B104226E01847161DB76F860DBD1
              APIs
              • _calloc.LIBCMT ref: 007A85A5
                • Part of subcall function 007B0021: __calloc_impl.LIBCMT ref: 007B0034
              • GetCurrentProcess.KERNEL32(?,?,00000010,00000000,00000001,00000002), ref: 007A85C4
              • DuplicateHandle.KERNEL32(00000000), ref: 007A85CB
              • _free.LIBCMT ref: 007A85D6
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: CurrentDuplicateErrorFreeHandleHeapLastProcess__calloc_impl_calloc_free
              • String ID:
              • API String ID: 2366337730-0
              • Opcode ID: 633d374c1c93a3406c3fcab5be4de59380530f2c3e5a0d35957ffa6e3b99dba3
              • Instruction ID: 9eaf342d0f30d9a228c1ffad8b50ab89455239796fa42ec9a968b05e02e0cf2a
              • Opcode Fuzzy Hash: 633d374c1c93a3406c3fcab5be4de59380530f2c3e5a0d35957ffa6e3b99dba3
              • Instruction Fuzzy Hash: A7F03671244304AFD7149F90EC46FD637A8FB05751F40405DFA048B1D1DB769891CBE5
              APIs
              • _free.LIBCMT ref: 007A81CD
                • Part of subcall function 007AF788: HeapFree.KERNEL32(00000000,00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?), ref: 007AF79C
                • Part of subcall function 007AF788: GetLastError.KERNEL32(00000000,?,007B58F9,00000000,?,?,?,00000000,?,007B903E,00000018,007C5620,00000008,007B8F8B,?,?), ref: 007AF7AE
              • _free.LIBCMT ref: 007A81E5
              • _free.LIBCMT ref: 007A81FA
              • _free.LIBCMT ref: 007A8205
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              • Associated: 00000000.00000002.2890839246.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890867844.00000000007C1000.00000002.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007C7000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CC000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890880419.00000000007CE000.00000004.00001000.00020000.00000000.sdmp
              • Associated: 00000000.00000002.2890916022.00000000007CF000.00000002.00001000.00020000.00000000.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7a0000_cracked.jbxd
              Yara matches
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: a902d991ac1750f255eaf8ed8b2caca8c5474265e81da4c98f50a18675e22761
              • Instruction ID: 4b97995e1d1719d2083f8a119bfaa067bce3b9096a0ead184479f5670b227909
              • Opcode Fuzzy Hash: a902d991ac1750f255eaf8ed8b2caca8c5474265e81da4c98f50a18675e22761
              • Instruction Fuzzy Hash: 14F06D32110B04CFDBB25A24D809766B3E4FF47326F94062EE485468A0CB7CBC81CB86
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              • Opcode ID: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
              • Instruction ID: 55d1a49fc6c054d5a260f5dabe0520ec9b74f114ca70e36b7718c27d0c909304
              • Opcode Fuzzy Hash: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
              • Instruction Fuzzy Hash: BAF04F715107109FDB355A25E505BA777E8FF0233AF95051FE44646990CB78FC84CA5C
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              • Opcode ID: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
              • Instruction ID: 55d1a49fc6c054d5a260f5dabe0520ec9b74f114ca70e36b7718c27d0c909304
              • Opcode Fuzzy Hash: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
              • Instruction Fuzzy Hash: BAF04F715107109FDB355A25E505BA777E8FF0233AF95051FE44646990CB78FC84CA5C
              APIs
              • _malloc.LIBCMT ref: 007AA136
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007AA14D
              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,007AA205,?,?,000000FF), ref: 007AA159
              • _free.LIBCMT ref: 007AA167
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: AllocCreateEventHeap_free_malloc_memset
              • String ID:
              • API String ID: 458278071-0
              • Opcode ID: 8ae72ce4e8c741d3291af415e9519109cd21485642f0ec2f3e90b1ae395dd3c0
              • Instruction ID: c6cff3b212ce41ce70608244c40f580c1f062722c186a841c617a7893b6f7a89
              • Opcode Fuzzy Hash: 8ae72ce4e8c741d3291af415e9519109cd21485642f0ec2f3e90b1ae395dd3c0
              • Instruction Fuzzy Hash: 89E04F6660516576E23136AABC0DE9B1A7CDBD3F71F410229F54485141EA184882C2E6
              APIs
              • closesocket.WSOCK32(?,?,?,0040682B,?,00000000,?,004066E0,?,?,00403C4A,?,?,?,?,?), ref: 004066F0
              • WSAGetLastError.WSOCK32(?,0040682B,?,00000000,?,004066E0,?,?,00403C4A,?,?,?,?,?), ref: 00406701
              • WSAGetLastError.WSOCK32(?,0040682B,?,00000000,?,004066E0,?,?,00403C4A,?,?,?,?,?), ref: 00406707
              • CloseHandle.KERNEL32(?,?,?,0040682B,?,00000000,?,004066E0,?,?,00403C4A,?,?,?,?,?), ref: 00406723
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ErrorLast$CloseHandleclosesocket
              • String ID:
              • API String ID: 2398627750-0
              • Opcode ID: 19a55a820fc034086b5a6f6e6ffedc93f1852c4d10f282208eb332b289abd10e
              • Instruction ID: f8b1af511f93eed33ffa8f8d82707322815a419c23ca45b431166e89200fbbed
              • Opcode Fuzzy Hash: 19a55a820fc034086b5a6f6e6ffedc93f1852c4d10f282208eb332b289abd10e
              • Instruction Fuzzy Hash: F9F05E315006248BC7209BBCED8455777A8AB053747050736E96AEB6D0D734E8108F94
              APIs
              • DeleteCriticalSection.KERNEL32(?), ref: 0040A298
              • CloseHandle.KERNEL32(?), ref: 0040A2A6
              • GetLastError.KERNEL32 ref: 0040A2B7
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CloseCriticalDeleteErrorHandleLastSection
              • String ID:
              • API String ID: 596325006-0
              • Opcode ID: 7a587802956d7493d7662b8641c776cf43c4a070ad38b516a537fc162d588e03
              • Instruction ID: 89604f4a24fc24932e946970824464d595f4fa52147e4ba23ad12d5ff2de0c13
              • Opcode Fuzzy Hash: 7a587802956d7493d7662b8641c776cf43c4a070ad38b516a537fc162d588e03
              • Instruction Fuzzy Hash: 1FE06532640319DBCB109BF5EE489677B9CAE0476530542B6E90CE73A1E635D8108B94
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890598673.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: fflushfprintf
              • String ID: Completed %d requests
              • API String ID: 1831888217-1378579972
              • Opcode ID: 26578ffbb597d28db73832c27148d75affaf0d258f25d4ead9a3db3c401a5257
              • Instruction ID: 43b92127b4a9a4139af20bfdf6b6760d73ef2c1dbd0ce1ca3c4c718fbe9ff712
              • Opcode Fuzzy Hash: 26578ffbb597d28db73832c27148d75affaf0d258f25d4ead9a3db3c401a5257
              • Instruction Fuzzy Hash: 75512975601B028FD758DF29D990A56B7F9BB88305B14C93EE49AD3390EB74F940CB88
              APIs
              • LoadLibraryA.KERNEL32(00000000), ref: 007A633E
              • GetLastError.KERNEL32 ref: 007A634A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: ErrorLastLibraryLoad
              • String ID: 8:X
              • API String ID: 3568775529-2501929605
              • Opcode ID: dacf5a37054a03a8ebdc5cebc1c08ee9c48712698e504b27b65cc35095a293e5
              • Instruction ID: 1d7321d01d6cbd2db8b23e0c2bcf1a0f947c171678fd5ec486c87b2a2d17391f
              • Opcode Fuzzy Hash: dacf5a37054a03a8ebdc5cebc1c08ee9c48712698e504b27b65cc35095a293e5
              • Instruction Fuzzy Hash: 9F310972D00205BBCF12AFA48C05ABEB7B9AFC7350F184268F904B3242E77D8D119B51
              APIs
              • VirtualProtect.KERNEL32(?,00000001,00000040,00000000,007C5480,00000014,007A7BFD,00000000,-00000030,00000001,00000000,?,007A799A,00000000,-00000030), ref: 007A4F26
              • VirtualProtect.KERNEL32(?,00000001,00000000,?,?,007A799A,00000000,-00000030), ref: 007A4F56
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: ProtectVirtual
              • String ID: M|z
              • API String ID: 544645111-3025758553
              • Opcode ID: bf2fc90a28e443e2a8811f6346c9bd0d133302adc25fd1dc00e0cff8a81a9df4
              • Instruction ID: 8678dbe1defd6f065d08dda8a255a3f580a395e12a9fb017658c49c085f81f16
              • Opcode Fuzzy Hash: bf2fc90a28e443e2a8811f6346c9bd0d133302adc25fd1dc00e0cff8a81a9df4
              • Instruction Fuzzy Hash: 9C11FB72900219AEDF11DFA4CC05AEEB7B4AF49710F188229F515E6190D77D9A019B60
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: _free
              • String ID: 7{z$7{z
              • API String ID: 269201875-1346417325
              • Opcode ID: a9f4fa542b59acd6e61a8796e6635df179de918e4365b21330c9e2ad329879cd
              • Instruction ID: f9e130adb0748d5a96b39e8d7a5c8ba41ee665b8c5e2af9f0eea414c99c30ba0
              • Opcode Fuzzy Hash: a9f4fa542b59acd6e61a8796e6635df179de918e4365b21330c9e2ad329879cd
              • Instruction Fuzzy Hash: 82110279641611CFC322CF59E140925FBE4FFDA750324C6AAEA498F301D3B6E881CB80
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: true
              Similarity
              • API ID: _free
              • String ID: ?hA
              • API String ID: 269201875-2089413398
              • Opcode ID: 63053ea78de850606ea137b2ef048ce00106ebac96f5d69c1d39d53aabdd5380
              • Instruction ID: f50197c29fa18e876b6a8753388c53699c64c846c2a30fbc50ee75911f12dd35
              • Opcode Fuzzy Hash: 63053ea78de850606ea137b2ef048ce00106ebac96f5d69c1d39d53aabdd5380
              • Instruction Fuzzy Hash: 32F027336087285B9B211F96A891A973BECFFC8374361012FEC6457350DB66EC8186CC
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890648733.0000000000416000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: _free
              • String ID: ?hA
              • API String ID: 269201875-2089413398
              • Opcode ID: 63053ea78de850606ea137b2ef048ce00106ebac96f5d69c1d39d53aabdd5380
              • Instruction ID: f50197c29fa18e876b6a8753388c53699c64c846c2a30fbc50ee75911f12dd35
              • Opcode Fuzzy Hash: 63053ea78de850606ea137b2ef048ce00106ebac96f5d69c1d39d53aabdd5380
              • Instruction Fuzzy Hash: 32F027336087285B9B211F96A891A973BECFFC8374361012FEC6457350DB66EC8186CC
              APIs
              • _malloc.LIBCMT ref: 007A105D
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memmove.LIBCMT ref: 007A1073
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: AllocHeap_malloc_memmove
              • String ID: 8:X
              • API String ID: 4138508007-2501929605
              • Opcode ID: 3781a05ae4b008b98688757165369cc40202d075a2c208a82606394a834496cf
              • Instruction ID: b4e14517e4d3dcf22095748ebcbaa049763852fa715cab1b84adcf687e16edce
              • Opcode Fuzzy Hash: 3781a05ae4b008b98688757165369cc40202d075a2c208a82606394a834496cf
              • Instruction Fuzzy Hash: F9F0A732B10718AFD3209B66D801F5B7BA9EB87765F40423AF54DDB101C3785810C7E6
              APIs
                • Part of subcall function 007A49B9: _malloc.LIBCMT ref: 007A49BC
              • _malloc.LIBCMT ref: 007A651B
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memset.LIBCMT ref: 007A652D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: _malloc$AllocHeap_memset
              • String ID: 8:X
              • API String ID: 189632878-2501929605
              • Opcode ID: e9e70a459469245f65384b611f002b015ecd4a20ca73be5c6876b4e5e059a6fc
              • Instruction ID: 2d9ba3b7759f565dbebccbb937f4f07b5214b311eb88797542c3b15c861cbd6b
              • Opcode Fuzzy Hash: e9e70a459469245f65384b611f002b015ecd4a20ca73be5c6876b4e5e059a6fc
              • Instruction Fuzzy Hash: D1F0E571901B18EAE6207B69EC0EF5F3BD49FC3B60F54422EF5046B652DA7CD80186D9
              APIs
              • _malloc.LIBCMT ref: 007A3443
                • Part of subcall function 007AF7C0: __FF_MSGBANNER.LIBCMT ref: 007AF7D7
                • Part of subcall function 007AF7C0: __NMSG_WRITE.LIBCMT ref: 007AF7DE
                • Part of subcall function 007AF7C0: HeapAlloc.KERNEL32(00560000,00000000,00000001,00000000,00000000,00000000,?,007B8CB7,?,?,?,00000000,?,007B903E,00000018,007C5620), ref: 007AF803
              • _memmove.LIBCMT ref: 007A3455
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2890849965.00000000007A1000.00000020.00001000.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
              Similarity
              • API ID: AllocHeap_malloc_memmove
              • String ID: l1z
              • API String ID: 4138508007-3355538630
              • Opcode ID: 6c3dd2fe872a8310d537ddf3db500eb396b4c58a68f02951321c045104fdfaba
              • Instruction ID: 7ab5393d7987d83463f8ef746a48e553305677960519bd1bb10607a2cf7ad835
              • Opcode Fuzzy Hash: 6c3dd2fe872a8310d537ddf3db500eb396b4c58a68f02951321c045104fdfaba
              • Instruction Fuzzy Hash: 7BD0C936A41A2862D56125D96C06ADA7A088B87BB1F044232FA089A282D9494A1413E6